Search

Find a vulnerability

Search criteria

    110 vulnerabilities found for MQ Appliance by IBM

    CVE-2025-14456 (GCVE-0-2025-14456)

    Vulnerability from nvd – Published: 2026-03-03 20:42 – Updated: 2026-03-03 21:02
    VLAI
    Title
    IBM MQ Appliance uses weaker than expected cryptographic algorithms
    Summary
    IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7260383 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM MQ Appliance Affected: 9.4 CD , ≤ 9.4.4.0 to 9.4.4.1 (semver)
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14456",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-03T21:02:31.103559Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-03T21:02:47.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.4.0:*:*:*:*:*:*:*"
              ],
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "9.4.4.0 to 9.4.4.1",
                  "status": "affected",
                  "version": "9.4 CD",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1\u003c/p\u003e"
                }
              ],
              "value": "IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-03T20:42:49.648Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7260383"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis vulnerability is addressed under known issue DT458796 IBM strongly recommends addressing the vulnerability now. IBM MQ Appliance version 9.4 CD Apply IBM MQ Appliance continuous delivery release 9.4.5.0 , or later firmware.\u003c/p\u003e"
                }
              ],
              "value": "This vulnerability is addressed under known issue DT458796 IBM strongly recommends addressing the vulnerability now. IBM MQ Appliance version 9.4 CD Apply IBM MQ Appliance continuous delivery release 9.4.5.0 , or later firmware."
            }
          ],
          "title": "IBM MQ Appliance uses weaker than expected cryptographic algorithms",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-14456",
        "datePublished": "2026-03-03T20:42:49.648Z",
        "dateReserved": "2025-12-10T14:53:02.870Z",
        "dateUpdated": "2026-03-03T21:02:47.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-3631 (GCVE-0-2025-3631)

    Vulnerability from nvd – Published: 2025-07-11 18:37 – Updated: 2025-08-18 01:35
    VLAI
    Title
    IBM MQ denial of service
    Summary
    An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.3.2.0 CD , ≤ 9.3.5.1 CD (semver)
    Affected: 9.4.0.0 , ≤ 9.4.2.1 CD (semver)
    Affected: 9.4.0.0 LTS , ≤ 9.4.0.11 LTS (semver)
        cpe:2.3:a:ibm:mq:9.3.2.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.3.5.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.2.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0.11:*:*:*:lts:*:*:*
    Create a notification for this product.
    IBM MQ Appliance Affected: 9.3.2.0 CD , ≤ 9.3.5.2 CD (semver)
    Affected: 9.4.0.0 LTS , ≤ 9.4.0.11 LTS (semver)
    Affected: 9.4.1.0 CD , ≤ 9.4.2.1 CD (semver)
        cpe:2.3:a:ibm:mq_appliance:9.3.2.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3.5.2:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.0.11:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.1.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.2.1:*:*:*:continuous_delivery:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3631",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T18:51:57.975695Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T18:52:08.264Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq:9.3.2.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.5.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.2.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0.11:*:*:*:lts:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "9.3.5.1 CD",
                  "status": "affected",
                  "version": "9.3.2.0 CD",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.4.2.1 CD",
                  "status": "affected",
                  "version": "9.4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.4.0.11 LTS",
                  "status": "affected",
                  "version": "9.4.0.0 LTS",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.3.2.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3.5.2:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.0.11:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.1.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.2.1:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "9.3.5.2 CD",
                  "status": "affected",
                  "version": "9.3.2.0 CD",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.4.0.11 LTS",
                  "status": "affected",
                  "version": "9.4.0.0 LTS",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.4.2.1 CD",
                  "status": "affected",
                  "version": "9.4.1.0 CD",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."
                }
              ],
              "value": "An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T01:35:24.388Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7238310"
            },
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7237025"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue was addressed under known issue DT435291 .\u003cbr\u003e\u003cbr\u003eIBM MQ version 9.4 LTS\u003cbr\u003e\u003cbr\u003eApply fix pack 9.4.0.12\u003cbr\u003e\u003cbr\u003eIBM MQ version 9.3 CD and 9.4 CD\u003cbr\u003e\u003cbr\u003eUpgrade to IBM MQ version 9.4.3\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eIBM MQ Appliance version 9.3 CD\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eUpgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003cdiv\u003e\u003cdiv\u003eIBM MQ Appliance version 9.4 LTS\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eApply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\u003c/div\u003e\u0026nbsp;\u003cdiv\u003eIBM MQ Appliance version 9.4 CD\u003c/div\u003e\u003cdiv\u003eApply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "This issue was addressed under known issue DT435291 .\n\nIBM MQ version 9.4 LTS\n\nApply fix pack 9.4.0.12\n\nIBM MQ version 9.3 CD and 9.4 CD\n\nUpgrade to IBM MQ version 9.4.3\n\nIBM MQ Appliance version 9.3 CD\n\n\n\n\n\nUpgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\n\n\n\n\n\n\u00a0IBM MQ Appliance version 9.4 LTS\n\nApply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\n\n\u00a0IBM MQ Appliance version 9.4 CD\n\nApply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-3631",
        "datePublished": "2025-07-11T18:37:38.769Z",
        "dateReserved": "2025-04-15T09:48:13.276Z",
        "dateUpdated": "2025-08-18T01:35:24.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51471 (GCVE-0-2024-51471)

    Vulnerability from nvd – Published: 2024-12-19 17:11 – Updated: 2024-12-20 17:55
    VLAI
    Title
    IBM MQ Appliance denial of service
    Summary
    IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Appliance Affected: 9.3 LTS, 9.3 CD, 9.4 LTS
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51471",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T17:55:02.866568Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T17:55:19.110Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD, 9.4 LTS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eweb console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u00a0web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-19T17:15:25.805Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7178243"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ Appliance denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-51471",
        "datePublished": "2024-12-19T17:11:02.223Z",
        "dateReserved": "2024-10-28T10:50:18.700Z",
        "dateUpdated": "2024-12-20T17:55:19.110Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51470 (GCVE-0-2024-51470)

    Vulnerability from nvd – Published: 2024-12-18 19:56 – Updated: 2024-12-18 20:24
    VLAI
    Title
    IBM MQ denial of service
    Summary
    IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
        cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*
    Create a notification for this product.
    IBM MQ Appliance Affected: 9.3 LTS, 9.3 CD, 9.4 LTS
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*
    Create a notification for this product.
    IBM MQ for HPE NonStop Affected: 8.1.0 , ≤ 8.1.0.25 (semver)
        cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51470",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T20:24:17.133411Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-18T20:24:38.409Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD, 9.4 LTS"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.1.0.25",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ\u0026nbsp;9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u0026nbsp;9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u0026nbsp;could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.\u003c/span\u003e"
                }
              ],
              "value": "IBM MQ\u00a09.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u00a09.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u00a0could allow an authenticated user to cause a denial-of-service due to messages with improperly set values."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T19:56:10.377Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7179137"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7178085"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7177593"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-51470",
        "datePublished": "2024-12-18T19:56:10.377Z",
        "dateReserved": "2024-10-28T10:50:18.700Z",
        "dateUpdated": "2024-12-18T20:24:38.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-14456 (GCVE-0-2025-14456)

    Vulnerability from cvelistv5 – Published: 2026-03-03 20:42 – Updated: 2026-03-03 21:02
    VLAI
    Title
    IBM MQ Appliance uses weaker than expected cryptographic algorithms
    Summary
    IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7260383 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM MQ Appliance Affected: 9.4 CD , ≤ 9.4.4.0 to 9.4.4.1 (semver)
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14456",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-03T21:02:31.103559Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-03T21:02:47.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.4.0:*:*:*:*:*:*:*"
              ],
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "9.4.4.0 to 9.4.4.1",
                  "status": "affected",
                  "version": "9.4 CD",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1\u003c/p\u003e"
                }
              ],
              "value": "IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-03T20:42:49.648Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7260383"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis vulnerability is addressed under known issue DT458796 IBM strongly recommends addressing the vulnerability now. IBM MQ Appliance version 9.4 CD Apply IBM MQ Appliance continuous delivery release 9.4.5.0 , or later firmware.\u003c/p\u003e"
                }
              ],
              "value": "This vulnerability is addressed under known issue DT458796 IBM strongly recommends addressing the vulnerability now. IBM MQ Appliance version 9.4 CD Apply IBM MQ Appliance continuous delivery release 9.4.5.0 , or later firmware."
            }
          ],
          "title": "IBM MQ Appliance uses weaker than expected cryptographic algorithms",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-14456",
        "datePublished": "2026-03-03T20:42:49.648Z",
        "dateReserved": "2025-12-10T14:53:02.870Z",
        "dateUpdated": "2026-03-03T21:02:47.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-3631 (GCVE-0-2025-3631)

    Vulnerability from cvelistv5 – Published: 2025-07-11 18:37 – Updated: 2025-08-18 01:35
    VLAI
    Title
    IBM MQ denial of service
    Summary
    An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.3.2.0 CD , ≤ 9.3.5.1 CD (semver)
    Affected: 9.4.0.0 , ≤ 9.4.2.1 CD (semver)
    Affected: 9.4.0.0 LTS , ≤ 9.4.0.11 LTS (semver)
        cpe:2.3:a:ibm:mq:9.3.2.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.3.5.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.2.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0.11:*:*:*:lts:*:*:*
    Create a notification for this product.
    IBM MQ Appliance Affected: 9.3.2.0 CD , ≤ 9.3.5.2 CD (semver)
    Affected: 9.4.0.0 LTS , ≤ 9.4.0.11 LTS (semver)
    Affected: 9.4.1.0 CD , ≤ 9.4.2.1 CD (semver)
        cpe:2.3:a:ibm:mq_appliance:9.3.2.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3.5.2:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.0.11:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.1.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.2.1:*:*:*:continuous_delivery:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3631",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T18:51:57.975695Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T18:52:08.264Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq:9.3.2.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.5.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.2.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0.11:*:*:*:lts:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "9.3.5.1 CD",
                  "status": "affected",
                  "version": "9.3.2.0 CD",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.4.2.1 CD",
                  "status": "affected",
                  "version": "9.4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.4.0.11 LTS",
                  "status": "affected",
                  "version": "9.4.0.0 LTS",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.3.2.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3.5.2:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.0.11:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.1.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.2.1:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "9.3.5.2 CD",
                  "status": "affected",
                  "version": "9.3.2.0 CD",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.4.0.11 LTS",
                  "status": "affected",
                  "version": "9.4.0.0 LTS",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.4.2.1 CD",
                  "status": "affected",
                  "version": "9.4.1.0 CD",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."
                }
              ],
              "value": "An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T01:35:24.388Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7238310"
            },
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7237025"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue was addressed under known issue DT435291 .\u003cbr\u003e\u003cbr\u003eIBM MQ version 9.4 LTS\u003cbr\u003e\u003cbr\u003eApply fix pack 9.4.0.12\u003cbr\u003e\u003cbr\u003eIBM MQ version 9.3 CD and 9.4 CD\u003cbr\u003e\u003cbr\u003eUpgrade to IBM MQ version 9.4.3\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eIBM MQ Appliance version 9.3 CD\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eUpgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003cdiv\u003e\u003cdiv\u003eIBM MQ Appliance version 9.4 LTS\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eApply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\u003c/div\u003e\u0026nbsp;\u003cdiv\u003eIBM MQ Appliance version 9.4 CD\u003c/div\u003e\u003cdiv\u003eApply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "This issue was addressed under known issue DT435291 .\n\nIBM MQ version 9.4 LTS\n\nApply fix pack 9.4.0.12\n\nIBM MQ version 9.3 CD and 9.4 CD\n\nUpgrade to IBM MQ version 9.4.3\n\nIBM MQ Appliance version 9.3 CD\n\n\n\n\n\nUpgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\n\n\n\n\n\n\u00a0IBM MQ Appliance version 9.4 LTS\n\nApply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\n\n\u00a0IBM MQ Appliance version 9.4 CD\n\nApply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-3631",
        "datePublished": "2025-07-11T18:37:38.769Z",
        "dateReserved": "2025-04-15T09:48:13.276Z",
        "dateUpdated": "2025-08-18T01:35:24.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51471 (GCVE-0-2024-51471)

    Vulnerability from cvelistv5 – Published: 2024-12-19 17:11 – Updated: 2024-12-20 17:55
    VLAI
    Title
    IBM MQ Appliance denial of service
    Summary
    IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Appliance Affected: 9.3 LTS, 9.3 CD, 9.4 LTS
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51471",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T17:55:02.866568Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T17:55:19.110Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD, 9.4 LTS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eweb console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u00a0web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-19T17:15:25.805Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7178243"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ Appliance denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-51471",
        "datePublished": "2024-12-19T17:11:02.223Z",
        "dateReserved": "2024-10-28T10:50:18.700Z",
        "dateUpdated": "2024-12-20T17:55:19.110Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51470 (GCVE-0-2024-51470)

    Vulnerability from cvelistv5 – Published: 2024-12-18 19:56 – Updated: 2024-12-18 20:24
    VLAI
    Title
    IBM MQ denial of service
    Summary
    IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
        cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*
    Create a notification for this product.
    IBM MQ Appliance Affected: 9.3 LTS, 9.3 CD, 9.4 LTS
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*
    Create a notification for this product.
    IBM MQ for HPE NonStop Affected: 8.1.0 , ≤ 8.1.0.25 (semver)
        cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51470",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T20:24:17.133411Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-18T20:24:38.409Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD, 9.4 LTS"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.1.0.25",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ\u0026nbsp;9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u0026nbsp;9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u0026nbsp;could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.\u003c/span\u003e"
                }
              ],
              "value": "IBM MQ\u00a09.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u00a09.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u00a0could allow an authenticated user to cause a denial-of-service due to messages with improperly set values."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T19:56:10.377Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7179137"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7178085"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7177593"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-51470",
        "datePublished": "2024-12-18T19:56:10.377Z",
        "dateReserved": "2024-10-28T10:50:18.700Z",
        "dateUpdated": "2024-12-18T20:24:38.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-202404-2194

    Vulnerability from variot - Updated: 2025-07-05 23:28

    IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137. (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-2194",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.3.0.17"
          },
          {
            "model": "mq appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.3.5"
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.3.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.3.0.0  that\u0027s all  9.3.5"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.3.0.0  that\u0027s all  9.3.0.17"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "mq appliance lts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.3"
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.3"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-22243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025689"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-25048"
          }
        ]
      },
      "cve": "CVE-2024-25048",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2024-22243",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2024-25048",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-025689",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2024-25048",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-025689",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-22243",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-22243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025689"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-25048"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.  IBM X-Force ID:  283137. (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-25048"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025689"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-22243"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-25048",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025689",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-22243",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-22243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025689"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-25048"
          }
        ]
      },
      "id": "VAR-202404-2194",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-22243"
          }
        ],
        "trust": 1.06875
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-22243"
          }
        ]
      },
      "last_update_date": "2025-07-05T23:28:50.124000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "7149481 IBM\u00a0X-Force\u00a0Exchange",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/pages/node/7149481"
          },
          {
            "title": "Patch for IBM MQ Appliance Buffer Overflow Vulnerability (CNVD-2024-22243)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/545971"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-22243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025689"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-122",
            "trust": 1.0
          },
          {
            "problemtype": "Heap-based buffer overflow (CWE-122) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025689"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-25048"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283137"
          },
          {
            "trust": 1.0,
            "url": "https://www.ibm.com/support/pages/node/7149481"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-25048"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-22243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025689"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-25048"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-22243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025689"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-25048"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-05-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-22243"
          },
          {
            "date": "2025-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-025689"
          },
          {
            "date": "2024-04-27T12:15:10.517000",
            "db": "NVD",
            "id": "CVE-2024-25048"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-05-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-22243"
          },
          {
            "date": "2025-07-04T03:15:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-025689"
          },
          {
            "date": "2025-07-03T20:45:20.627000",
            "db": "NVD",
            "id": "CVE-2024-25048"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM\u00a0 of \u00a0IBM\u00a0MQ\u00a0Appliance\u00a0 Heap-based buffer overflow vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025689"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202412-2591

    Vulnerability from variot - Updated: 2025-07-05 23:14

    IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. IBM of IBM MQ Appliance Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware from International Business Machines (IBM).

    IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS versions have a buffer overflow vulnerability. The vulnerability is caused by the information being written into the memory exceeding the expected buffer size. Attackers can exploit this vulnerability to cause a denial of service attack

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202412-2591",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.4.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.3.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.3.0.26"
          },
          {
            "model": "mq appliance",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.4.0.7"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.3.0.0  to  9.4.0.7"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.4.0.0  to  9.4.0.7"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.3.0.0  to  9.3.0.26"
          },
          {
            "model": "mq appliance lts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.3"
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.3"
          },
          {
            "model": "mq appliance lts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.4"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-00311"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025683"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-51471"
          }
        ]
      },
      "cve": "CVE-2024-51471",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-00311",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.6,
                "id": "CVE-2024-51471",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-025683",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2024-51471",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-025683",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-00311",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-00311"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025683"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-51471"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u00a0web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. IBM of IBM MQ Appliance Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware from International Business Machines (IBM). \n\nIBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS versions have a buffer overflow vulnerability. The vulnerability is caused by the information being written into the memory exceeding the expected buffer size. Attackers can exploit this vulnerability to cause a denial of service attack",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-51471"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025683"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-00311"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-51471",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025683",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-00311",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-00311"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025683"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-51471"
          }
        ]
      },
      "id": "VAR-202412-2591",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-00311"
          }
        ],
        "trust": 1.06875
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-00311"
          }
        ]
      },
      "last_update_date": "2025-07-05T23:14:21.756000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "7178243",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/pages/node/7178243"
          },
          {
            "title": "Patch for IBM MQ Appliance Buffer Overflow Vulnerability (CNVD-2025-0031176)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/647231"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-00311"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025683"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds read (CWE-125) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025683"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-51471"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-51471"
          },
          {
            "trust": 1.0,
            "url": "https://www.ibm.com/support/pages/node/7178243"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-00311"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025683"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-51471"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-00311"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025683"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-51471"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-12-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-00311"
          },
          {
            "date": "2025-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-025683"
          },
          {
            "date": "2024-12-19T18:15:23.153000",
            "db": "NVD",
            "id": "CVE-2024-51471"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-01-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-00311"
          },
          {
            "date": "2025-07-04T01:22:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-025683"
          },
          {
            "date": "2025-07-03T20:23:41.563000",
            "db": "NVD",
            "id": "CVE-2024-51471"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM\u00a0 of \u00a0IBM\u00a0MQ\u00a0Appliance\u00a0 Out-of-bounds read vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025683"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201707-0274

    Vulnerability from variot - Updated: 2025-04-20 23:36

    IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354. IBM WebSphere MQ There is a service disruption (DoS) There are vulnerabilities that are put into a state. IBM MQ is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to crash the service, denying service to legitimate users

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0274",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "websphere mq",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "ibm",
            "version": "9.0.2"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "model": "mq cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.2"
          },
          {
            "model": "mq cd",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.3"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "99505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-285"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-1236"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:ibm:websphere_mq",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005641"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported the issue.",
        "sources": [
          {
            "db": "BID",
            "id": "99505"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-1236",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2017-1236",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-1236",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-1236",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-1236",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-285",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-285"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-1236"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354. IBM WebSphere MQ There is a service disruption (DoS) There are vulnerabilities that are put into a state. IBM MQ is prone to a denial-of-service vulnerability. \nRemote attackers can exploit this issue to crash the service, denying service to legitimate users",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-1236"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005641"
          },
          {
            "db": "BID",
            "id": "99505"
          }
        ],
        "trust": 1.89
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-1236",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "99505",
            "trust": 1.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005641",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-285",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "99505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-285"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-1236"
          }
        ]
      },
      "id": "VAR-201707-0274",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.46875
      },
      "last_update_date": "2025-04-20T23:36:49.658000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "2003510",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22003510"
          },
          {
            "title": "IBM WebSphere MQ  and IBM MQ Appliance Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71548"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-285"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005641"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-1236"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22003510"
          },
          {
            "trust": 1.6,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/99505"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1236"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1236"
          },
          {
            "trust": 0.3,
            "url": "http://www.ibm.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22003510"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "99505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-285"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-1236"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "99505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-285"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-1236"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-05T00:00:00",
            "db": "BID",
            "id": "99505"
          },
          {
            "date": "2017-08-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005641"
          },
          {
            "date": "2017-07-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-285"
          },
          {
            "date": "2017-07-06T14:29:00.247000",
            "db": "NVD",
            "id": "CVE-2017-1236"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-05T00:00:00",
            "db": "BID",
            "id": "99505"
          },
          {
            "date": "2017-08-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005641"
          },
          {
            "date": "2017-12-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-285"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-1236"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-285"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM WebSphere MQ Service disruption in  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005641"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-285"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201609-0395

    Vulnerability from variot - Updated: 2025-04-13 23:23

    MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command. IBMMQAppliance is a solution that enables IBMMQ to be deployed in new use cases and to simplify existing deployment options. Allows a local attacker to exploit the vulnerability to execute arbitrary commands and obtain sensitive information. IBM MQ Appliance is prone to a local command-execution vulnerability. Both IBM MQ Appliance M2000 and M2001 are all-in-one devices used by IBM Corporation in the United States for the rapid deployment of enterprise-level message middleware

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0395",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "model": "mq appliance m2000",
            "scope": null,
            "trust": 1.7,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "mq appliance m2001",
            "scope": null,
            "trust": 1.7,
            "vendor": "ibm",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06498"
          },
          {
            "db": "BID",
            "id": "92538"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004521"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-342"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5879"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:ibm:mq_appliance_m2000",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:ibm:mq_appliance_m2001",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:ibm:mq_appliance_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004521"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM",
        "sources": [
          {
            "db": "BID",
            "id": "92538"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-342"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-5879",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-5879",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2016-06498",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-94699",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.0,
                "id": "CVE-2016-5879",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-5879",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-5879",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-06498",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201608-342",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-94699",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-5879",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06498"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94699"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5879"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004521"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-342"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5879"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command. IBMMQAppliance is a solution that enables IBMMQ to be deployed in new use cases and to simplify existing deployment options. Allows a local attacker to exploit the vulnerability to execute arbitrary commands and obtain sensitive information. IBM MQ Appliance is prone to a local command-execution vulnerability. Both IBM MQ Appliance M2000 and M2001 are all-in-one devices used by IBM Corporation in the United States for the rapid deployment of enterprise-level message middleware",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5879"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004521"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-06498"
          },
          {
            "db": "BID",
            "id": "92538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94699"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5879"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-5879",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "92538",
            "trust": 2.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004521",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-342",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-06498",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-94699",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5879",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06498"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94699"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5879"
          },
          {
            "db": "BID",
            "id": "92538"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004521"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-342"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5879"
          }
        ]
      },
      "id": "VAR-201609-0395",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06498"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94699"
          }
        ],
        "trust": 0.06999999999999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06498"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:23:35.173000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "1987697",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987697"
          },
          {
            "title": "IBMMQAppliance local command execution vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/80608"
          },
          {
            "title": "IBM MQ Appliance Fixes for local command execution vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63706"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06498"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004521"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-342"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004521"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5879"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987697"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/92538"
          },
          {
            "trust": 1.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1it16174"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5879"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5879"
          },
          {
            "trust": 0.3,
            "url": "http://www.ibm.com"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06498"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94699"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5879"
          },
          {
            "db": "BID",
            "id": "92538"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004521"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-342"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5879"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06498"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94699"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5879"
          },
          {
            "db": "BID",
            "id": "92538"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004521"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-342"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5879"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-06498"
          },
          {
            "date": "2016-09-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94699"
          },
          {
            "date": "2016-09-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-5879"
          },
          {
            "date": "2016-08-18T00:00:00",
            "db": "BID",
            "id": "92538"
          },
          {
            "date": "2016-09-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004521"
          },
          {
            "date": "2016-08-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-342"
          },
          {
            "date": "2016-09-02T14:59:08.160000",
            "db": "NVD",
            "id": "CVE-2016-5879"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-06498"
          },
          {
            "date": "2016-11-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94699"
          },
          {
            "date": "2016-11-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-5879"
          },
          {
            "date": "2016-08-18T00:00:00",
            "db": "BID",
            "id": "92538"
          },
          {
            "date": "2016-09-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004521"
          },
          {
            "date": "2016-09-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-342"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-5879"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "92538"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-342"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance M2000 and  M2001 Device  MQCLI In any  shell Command execution vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004521"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-342"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-1381

    Vulnerability from variot - Updated: 2024-11-23 23:11

    IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118. IBM MQ Appliance There is an information leakage vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 182118 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one device from IBM in the United States for rapid deployment of enterprise-level messaging middleware. Local attackers can use this vulnerability to obtain highly sensitive information

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1381",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.2.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0.6"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.1 cd"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.1 lts"
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "model": "mq appliance lts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-47945"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008714"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4498"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:ibm:mq_appliance",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008714"
          }
        ]
      },
      "cve": "CVE-2020-4498",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-4498",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 2.1,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008714",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-47945",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.8,
                "id": "CVE-2020-4498",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.5,
                "id": "CVE-2020-4498",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008714",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-4498",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2020-4498",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-008714",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-47945",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-1529",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-47945"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008714"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1529"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4498"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4498"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118. IBM MQ Appliance There is an information leakage vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 182118 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one device from IBM in the United States for rapid deployment of enterprise-level messaging middleware. Local attackers can use this vulnerability to obtain highly sensitive information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-4498"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008714"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-47945"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-4498",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008714",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-47945",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47972",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1529",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-47945"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008714"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1529"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4498"
          }
        ]
      },
      "id": "VAR-202007-1381",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-47945"
          }
        ],
        "trust": 1.06875
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-47945"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:11:22.905000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "6252409",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/pages/node/6252409"
          },
          {
            "title": "ibm-mq-cve20204498-info-disc (182118)",
            "trust": 0.8,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182118"
          },
          {
            "title": "Patch for IBM MQ Appliance information disclosure vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/231259"
          },
          {
            "title": "IBM MQ Appliance Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124844"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-47945"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008714"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1529"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-532",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-200",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008714"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4498"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182118"
          },
          {
            "trust": 1.6,
            "url": "https://www.ibm.com/support/pages/node/6252409"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4498"
          },
          {
            "trust": 1.2,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-information-disclosure-vulnerability-cve-2020-4498/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4498"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47972"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-information-disclosure-via-trace-files-32931"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-integration-servers-could-allow-information-exposure-when-using-mq-cve-2020-4498/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-47945"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008714"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1529"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4498"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-47945"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008714"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1529"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4498"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-47945"
          },
          {
            "date": "2020-09-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008714"
          },
          {
            "date": "2020-07-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-1529"
          },
          {
            "date": "2020-07-27T14:15:12.677000",
            "db": "NVD",
            "id": "CVE-2020-4498"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-47945"
          },
          {
            "date": "2020-09-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008714"
          },
          {
            "date": "2020-12-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-1529"
          },
          {
            "date": "2024-11-21T05:32:49.137000",
            "db": "NVD",
            "id": "CVE-2020-4498"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1529"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance information disclosure vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-47945"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1529"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1529"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-1514

    Vulnerability from variot - Updated: 2024-11-23 23:11

    IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831. Vendor exploits this vulnerability IBM X-Force ID: 190831 Is published as.Denial of service (DoS) It may be put into a state. IBM MQ Appliance is an all-in-one device from IBM in the United States for rapid deployment of enterprise-level messaging middleware

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1514",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.2.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.2 lts"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.2 cd"
          },
          {
            "model": "mq appliance",
            "scope": null,
            "trust": 0.6,
            "vendor": "ibm",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-03003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002418"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4869"
          }
        ]
      },
      "cve": "CVE-2020-4869",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2020-4869",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2021-03003",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-4869",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.6,
                "id": "CVE-2020-4869",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2020-4869",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-4869",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2020-4869",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-4869",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-03003",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-482",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-03003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002418"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-482"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4869"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4869"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831. Vendor exploits this vulnerability IBM X-Force ID: 190831 Is published as.Denial of service (DoS) It may be put into a state. IBM MQ Appliance is an all-in-one device from IBM in the United States for rapid deployment of enterprise-level messaging middleware",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-4869"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002418"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-03003"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-4869",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002418",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-03003",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-482",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-03003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002418"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-482"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4869"
          }
        ]
      },
      "id": "VAR-202101-1514",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-03003"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-03003"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:11:12.655000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "6398791 IBM\u00a0X-Force\u00a0Exchange",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/pages/node/6398791"
          },
          {
            "title": "Patch for IBM MQ Appliance buffer overflow vulnerability (CNVD-2021-03003)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/244204"
          },
          {
            "title": "IBM MQ Appliance Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138656"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-03003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002418"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-482"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002418"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4869"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190831"
          },
          {
            "trust": 1.6,
            "url": "https://www.ibm.com/support/pages/node/6398791"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4869"
          },
          {
            "trust": 1.2,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-4869/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-denial-of-service-via-snmp-query-34268"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vulnerable-to-a-dos-attack/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-03003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002418"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-482"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4869"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-03003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002418"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-482"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4869"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-03003"
          },
          {
            "date": "2021-09-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002418"
          },
          {
            "date": "2021-01-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-482"
          },
          {
            "date": "2021-01-11T17:15:12.490000",
            "db": "NVD",
            "id": "CVE-2020-4869"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-03003"
          },
          {
            "date": "2021-09-14T09:08:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002418"
          },
          {
            "date": "2021-06-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-482"
          },
          {
            "date": "2024-11-21T05:33:20.627000",
            "db": "NVD",
            "id": "CVE-2020-4869"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-482"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Buffer Overflow Vulnerability in Linux",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002418"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-482"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202202-1477

    Vulnerability from variot - Updated: 2024-11-23 23:10

    IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. Vendors may IBM X-Force ID: 218368 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one appliance for rapidly deploying enterprise-class messaging middleware

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202202-1477",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.2.5"
          },
          {
            "model": "mq",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.2.0"
          },
          {
            "model": "mq",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.2.0.5"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.2 lts"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.2 cd"
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.2"
          },
          {
            "model": "mq appliance lts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-51680"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006841"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22321"
          }
        ]
      },
      "cve": "CVE-2022-22321",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-22321",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.9,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2022-51680",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-22321",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.4,
                "id": "CVE-2022-22321",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-22321",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-22321",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2022-22321",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-22321",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-51680",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202202-2176",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-22321",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-51680"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-2176"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22321"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22321"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. Vendors may IBM X-Force ID: 218368 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one appliance for rapidly deploying enterprise-class messaging middleware",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-22321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006841"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-51680"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22321"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-22321",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006841",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-51680",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0853",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-2176",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22321",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-51680"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-2176"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22321"
          }
        ]
      },
      "id": "VAR-202202-1477",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-51680"
          }
        ],
        "trust": 1.06875
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-51680"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:10:57.340000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "6560042 IBM\u00a0X-Force\u00a0Exchange",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/pages/node/6560042"
          },
          {
            "title": "Patch for IBM MQ Appliance Information Disclosure Vulnerability (CNVD-2022-51680)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/339966"
          },
          {
            "title": "IBM MQ Appliance Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184361"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-RCE "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-51680"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-2176"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-326",
            "trust": 1.0
          },
          {
            "problemtype": "Inadequate protection of credentials (CWE-522) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006841"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22321"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218368"
          },
          {
            "trust": 1.7,
            "url": "https://www.ibm.com/support/pages/node/6560042"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22321"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-weak-encryption-via-password-hash-37667"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0853"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-22321/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/326.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-51680"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-2176"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22321"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-51680"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-2176"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22321"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-51680"
          },
          {
            "date": "2022-03-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22321"
          },
          {
            "date": "2023-07-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-006841"
          },
          {
            "date": "2022-02-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-2176"
          },
          {
            "date": "2022-03-01T17:15:08.073000",
            "db": "NVD",
            "id": "CVE-2022-22321"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-51680"
          },
          {
            "date": "2023-08-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22321"
          },
          {
            "date": "2023-07-10T07:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-006841"
          },
          {
            "date": "2022-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-2176"
          },
          {
            "date": "2024-11-21T06:46:38.320000",
            "db": "NVD",
            "id": "CVE-2022-22321"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-2176"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability regarding insufficient protection of authentication information in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-006841"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-2176"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-1745

    Vulnerability from variot - Updated: 2024-11-23 23:08

    IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077. Vendors have confirmed this vulnerability IBM X-Force ID: 139077 It is released as.Information may be obtained and information may be altered. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1745",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "ibm",
            "version": "9.0.2"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "ibm",
            "version": "9.0.3"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "ibm",
            "version": "9.0.4"
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.4"
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.3"
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.2"
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "model": "mq appliance cd",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.5"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "103491"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-894"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1429"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:ibm:mq_appliance",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003249"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM",
        "sources": [
          {
            "db": "BID",
            "id": "103491"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-1429",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2018-1429",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2018-1429",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 2.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-1429",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2018-1429",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-1429",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-894",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-894"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1429"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1429"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077. Vendors have confirmed this vulnerability IBM X-Force ID: 139077 It is released as.Information may be obtained and information may be altered. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-1429"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003249"
          },
          {
            "db": "BID",
            "id": "103491"
          }
        ],
        "trust": 1.89
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-1429",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "103491",
            "trust": 1.9
          },
          {
            "db": "SECTRACK",
            "id": "1040564",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003249",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-894",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "103491"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-894"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1429"
          }
        ]
      },
      "id": "VAR-201803-1745",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.46875
      },
      "last_update_date": "2024-11-23T23:08:45.951000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "2014046",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22014046"
          },
          {
            "title": "ibm-websphere-cve20181429-xss (139077)",
            "trust": 0.8,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077"
          },
          {
            "title": "IBM MQ Appliance Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79393"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-894"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003249"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1429"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139077"
          },
          {
            "trust": 1.6,
            "url": "http://www.securitytracker.com/id/1040564"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/103491"
          },
          {
            "trust": 1.6,
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22014046"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1429"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1429"
          },
          {
            "trust": 0.3,
            "url": "http://www.ibm.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22014046"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "103491"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-894"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1429"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "103491"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-894"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1429"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-21T00:00:00",
            "db": "BID",
            "id": "103491"
          },
          {
            "date": "2018-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003249"
          },
          {
            "date": "2018-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-894"
          },
          {
            "date": "2018-03-23T19:29:00.747000",
            "db": "NVD",
            "id": "CVE-2018-1429"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-21T00:00:00",
            "db": "BID",
            "id": "103491"
          },
          {
            "date": "2018-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003249"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-894"
          },
          {
            "date": "2024-11-21T03:59:48.220000",
            "db": "NVD",
            "id": "CVE-2018-1429"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-894"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003249"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-894"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202102-0826

    Vulnerability from variot - Updated: 2024-11-23 23:07

    IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware.

    There is a security vulnerability in the IBM MQ Appliance. Attackers can use this vulnerability to trigger a fatal error through the AMQP channel of the IBM MQ appliance, thereby triggering a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0826",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0.0"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.2.0.0"
          },
          {
            "model": "mq appliance",
            "scope": null,
            "trust": 0.6,
            "vendor": "ibm",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-12640"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4931"
          }
        ]
      },
      "cve": "CVE-2020-4931",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2020-4931",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2021-12640",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-4931",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-4931",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-4931",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2020-4931",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-12640",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202102-1508",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-12640"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1508"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4931"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4931"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. \n\r\n\r\nThere is a security vulnerability in the IBM MQ Appliance. Attackers can use this vulnerability to trigger a fatal error through the AMQP channel of the IBM MQ appliance, thereby triggering a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-4931"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-12640"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-4931",
            "trust": 2.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-12640",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1508",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-12640"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1508"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4931"
          }
        ]
      },
      "id": "VAR-202102-0826",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-12640"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-12640"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:07:39.677000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for IBM MQ Appliance Denial of Service Vulnerability (CNVD-2021-12640)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/249166"
          },
          {
            "title": "IBM MQ Appliance Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142521"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-12640"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1508"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-4931"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191747"
          },
          {
            "trust": 1.6,
            "url": "https://www.ibm.com/support/pages/node/6403295"
          },
          {
            "trust": 1.2,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-4931/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4931"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-denial-of-service-via-amqp-channels-34652"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-amqp-channels-could-allow-an-authenticated-user-to-cause-a-denial-of-service-due-to-an-issue-processing-messages-cve-2020-4931/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-12640"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1508"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4931"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-12640"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1508"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-4931"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-12640"
          },
          {
            "date": "2021-02-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202102-1508"
          },
          {
            "date": "2021-02-24T18:15:12.797000",
            "db": "NVD",
            "id": "CVE-2020-4931"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-02-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-12640"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202102-1508"
          },
          {
            "date": "2024-11-21T05:33:26.623000",
            "db": "NVD",
            "id": "CVE-2020-4931"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1508"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance Denial of Service Vulnerability (CNVD-2021-12640)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-12640"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1508"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202204-1117

    Vulnerability from variot - Updated: 2024-11-23 22:54

    IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance. IBM MQ Appliance Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202204-1117",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.2.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.2 lts"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.2 cd"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.2"
          },
          {
            "model": "mq appliance lts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-36974"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009546"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22355"
          }
        ]
      },
      "cve": "CVE-2022-22355",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-22355",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-36974",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-22355",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-22355",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-22355",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2022-22355",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-22355",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-36974",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202204-1999",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-22355",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-36974"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009546"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-1999"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22355"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22355"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance. IBM MQ Appliance Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-22355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009546"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-36974"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22355"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-22355",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009546",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-36974",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-1999",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22355",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-36974"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009546"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-1999"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22355"
          }
        ]
      },
      "id": "VAR-202204-1117",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-36974"
          }
        ],
        "trust": 1.06875
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-36974"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:54:36.812000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "6564711 IBM\u00a0X-Force\u00a0Exchange",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/pages/node/6564711"
          },
          {
            "title": "Patch for IBM MQ Appliance Denial of Service Vulnerability (CNVD-2022-36974)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/332786"
          },
          {
            "title": "IBM MQ Appliance Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=188015"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-RCE "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-36974"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009546"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-1999"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009546"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22355"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220486"
          },
          {
            "trust": 1.7,
            "url": "https://www.ibm.com/support/pages/node/6564711"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22355"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-22355/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-denial-of-service-via-login-component-37957"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-36974"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009546"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-1999"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22355"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-36974"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009546"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-1999"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22355"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-36974"
          },
          {
            "date": "2022-04-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22355"
          },
          {
            "date": "2023-08-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-009546"
          },
          {
            "date": "2022-04-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-1999"
          },
          {
            "date": "2022-04-05T17:15:08.320000",
            "db": "NVD",
            "id": "CVE-2022-22355"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-36974"
          },
          {
            "date": "2022-04-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22355"
          },
          {
            "date": "2023-08-07T05:39:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-009546"
          },
          {
            "date": "2022-04-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-1999"
          },
          {
            "date": "2024-11-21T06:46:41.520000",
            "db": "NVD",
            "id": "CVE-2022-22355"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-1999"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009546"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-1999"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201812-0395

    Vulnerability from variot - Updated: 2024-11-23 22:51

    IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724. Vendors have confirmed this vulnerability IBM X-Force ID: 144724 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition. IBM DataPower Gateway is a secure and integrated platform designed for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The following products and versions are affected: IBM DataPower Gateway Version 7.1.0.0 to Version 7.1.0.19, Version 7.2.0.0 to Version 7.2.0.16, Version 7.5.0.0 to Version 7.5.0.10, Version 7.5.1.0 to Version 7.5.1.9, Version 7.5.2.0 to version 7.5.2.9, version 7.6.0.0 to version 7.6.0.2; MQ Appliance version 8.0.0.0 to version 8.0.0.8, version 9.0.1 to version 9.0.5

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0395",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "datapower gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.2.0.0"
          },
          {
            "model": "datapower gateway",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.5.2.9"
          },
          {
            "model": "datapower gateway",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.5.0.10"
          },
          {
            "model": "datapower gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.6.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "model": "datapower gateway",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.6.0.2"
          },
          {
            "model": "datapower gateway",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.5.1.9"
          },
          {
            "model": "datapower gateway",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.2.0.16"
          },
          {
            "model": "datapower gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.5.2.0"
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.0.5"
          },
          {
            "model": "datapower gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.1.0.0"
          },
          {
            "model": "datapower gateway",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.1.0.19"
          },
          {
            "model": "datapower gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.5.1.0"
          },
          {
            "model": "mq appliance",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.8"
          },
          {
            "model": "datapower gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.5.0.0"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "7.1.0.0 to  7.1.0.19"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "7.2.0.0 to  7.2.0.16"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "7.5.0.0 to  7.5.0.10"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "7.5.1.0 to  7.5.1.9"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "7.5.2.0 to  7.5.2.9"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "7.6.0.0 to  7.6.0.2"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "8.0.0.0 to  8.0.0.8"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.0.1 to  9.0.5"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "7.2.0.0"
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.5"
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.4"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.4"
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.3"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.3"
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.2"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.2"
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.8"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.7"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.6"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.2"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.6.0.1"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.6.0.0"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.2.9"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.2.8"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.2.2"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.2.1"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.2.0"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.9"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.8"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.4"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.3"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.2"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.1"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.0"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.9"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.5"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.4"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.3"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.2"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.10"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.1"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.0"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.16"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.15"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.11"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.10"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.1"
          },
          {
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.0"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.2.0"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.1"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.0"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.2"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.1"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.8"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.6"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.4"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.3"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.9"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.8"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.7"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.5"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.4"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.3"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.2"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.19"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.18"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.15"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.14"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.12"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.11"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.10"
          },
          {
            "model": "mq appliance",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "model": "mq appliance",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.9"
          },
          {
            "model": "datapower gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.6.0.3"
          },
          {
            "model": "datapower gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.2.10"
          },
          {
            "model": "datapower gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.10"
          },
          {
            "model": "datapower gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.11"
          },
          {
            "model": "datapower gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.17"
          },
          {
            "model": "datapower gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.20"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "106403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012014"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-341"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1652"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:ibm:datapower_gateway",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ibm:mq_appliance",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012014"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported the issue.",
        "sources": [
          {
            "db": "BID",
            "id": "106403"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-1652",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-1652",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "VHN-126887",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2018-1652",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.5,
                "id": "CVE-2018-1652",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-1652",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2018-1652",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-1652",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201812-341",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-126887",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126887"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012014"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-341"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1652"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1652"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724. Vendors have confirmed this vulnerability IBM X-Force ID: 144724 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial-of-service condition. IBM DataPower Gateway is a secure and integrated platform designed for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The following products and versions are affected: IBM DataPower Gateway Version 7.1.0.0 to Version 7.1.0.19, Version 7.2.0.0 to Version 7.2.0.16, Version 7.5.0.0 to Version 7.5.0.10, Version 7.5.1.0 to Version 7.5.1.9, Version 7.5.2.0 to version 7.5.2.9, version 7.6.0.0 to version 7.6.0.2; MQ Appliance version 8.0.0.0 to version 8.0.0.8, version 9.0.1 to version 9.0.5",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-1652"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012014"
          },
          {
            "db": "BID",
            "id": "106403"
          },
          {
            "db": "VULHUB",
            "id": "VHN-126887"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-1652",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012014",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-341",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "106403",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-126887",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126887"
          },
          {
            "db": "BID",
            "id": "106403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012014"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-341"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1652"
          }
        ]
      },
      "id": "VAR-201812-0395",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126887"
          }
        ],
        "trust": 0.56875
      },
      "last_update_date": "2024-11-23T22:51:53.839000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "0717483",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10717483"
          },
          {
            "title": "0744557",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744557"
          },
          {
            "title": "ibm-mq-cve20181652-dos (144724)",
            "trust": 0.8,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144724"
          },
          {
            "title": "IBM DataPower Gateway Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87602"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012014"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-341"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126887"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012014"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1652"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10717483"
          },
          {
            "trust": 1.7,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744557"
          },
          {
            "trust": 1.7,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144724"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1652"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1652"
          },
          {
            "trust": 0.3,
            "url": "http://www.ibm.com/"
          },
          {
            "trust": 0.3,
            "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744557"
          },
          {
            "trust": 0.3,
            "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10717483"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126887"
          },
          {
            "db": "BID",
            "id": "106403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012014"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-341"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1652"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-126887"
          },
          {
            "db": "BID",
            "id": "106403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012014"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-341"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1652"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-126887"
          },
          {
            "date": "2018-12-07T00:00:00",
            "db": "BID",
            "id": "106403"
          },
          {
            "date": "2019-01-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012014"
          },
          {
            "date": "2018-12-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-341"
          },
          {
            "date": "2018-12-11T16:29:00.467000",
            "db": "NVD",
            "id": "CVE-2018-1652"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-126887"
          },
          {
            "date": "2018-12-07T00:00:00",
            "db": "BID",
            "id": "106403"
          },
          {
            "date": "2019-01-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012014"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-341"
          },
          {
            "date": "2024-11-21T04:00:08.467000",
            "db": "NVD",
            "id": "CVE-2018-1652"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "106403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-341"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM DataPower Gateway and  MQ Appliance Input validation vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012014"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-341"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202203-0542

    Vulnerability from variot - Updated: 2024-11-23 22:32

    IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276. IBM MQ Appliance There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 218276 It is published as.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently available

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0542",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.2.5"
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.2.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.2.0.5"
          },
          {
            "model": "mq appliance",
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.2 cd"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.2 lts"
          },
          {
            "model": "mq appliance lts",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.2.0.0,\u003c9.2.0.5"
          },
          {
            "model": "mq appliance continuous delivery",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.2.0.0,\u003c9.2.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-25209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009158"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22316"
          }
        ]
      },
      "cve": "CVE-2022-22316",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2022-22316",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-25209",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-22316",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.6,
                "id": "CVE-2022-22316",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2022-22316",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-22316",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2022-22316",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-22316",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-25209",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-1939",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-22316",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-25209"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009158"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-1939"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22316"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22316"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276. IBM MQ Appliance There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 218276 It is published as.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently available",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-22316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009158"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-25209"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22316"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-22316",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009158",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-25209",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2414",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-1939",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22316",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-25209"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009158"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-1939"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22316"
          }
        ]
      },
      "id": "VAR-202203-0542",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-25209"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-25209"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:32:55.167000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "6560040 IBM\u00a0X-Force\u00a0Exchange",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/pages/node/6560040"
          },
          {
            "title": "Patch for Unknown Vulnerability in IBM MQ Appliance (CNVD-2022-25209)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/328546"
          },
          {
            "title": "IBM MQ Appliance Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=187134"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-RCE "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-25209"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009158"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-1939"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009158"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22316"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218276"
          },
          {
            "trust": 1.7,
            "url": "https://www.ibm.com/support/pages/node/6560040"
          },
          {
            "trust": 1.2,
            "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-denial-of-service-via-authorization-check-37842"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22316"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2414"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-22316/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-25209"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009158"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-1939"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22316"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-25209"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009158"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-1939"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22316"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-04-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-25209"
          },
          {
            "date": "2022-03-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22316"
          },
          {
            "date": "2023-08-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-009158"
          },
          {
            "date": "2022-03-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-1939"
          },
          {
            "date": "2022-03-23T17:15:07.793000",
            "db": "NVD",
            "id": "CVE-2022-22316"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-04-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-25209"
          },
          {
            "date": "2022-03-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22316"
          },
          {
            "date": "2023-08-03T07:05:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-009158"
          },
          {
            "date": "2022-05-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-1939"
          },
          {
            "date": "2024-11-21T06:46:37.690000",
            "db": "NVD",
            "id": "CVE-2022-22316"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-1939"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009158"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-1939"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201801-0385

    Vulnerability from variot - Updated: 2024-11-23 22:22

    IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. IBM WebSphere MQ Contains an access control vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 131547 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0385",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "websphere mq",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "model": "websphere mq",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "model": "websphere mq",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ibm",
            "version": "9.0.0.1"
          },
          {
            "model": "websphere mq",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ibm",
            "version": "9.0.2"
          },
          {
            "model": "websphere mq",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ibm",
            "version": "9.0.3"
          },
          {
            "model": "websphere mq",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ibm",
            "version": "8.0.0.6"
          },
          {
            "model": "websphere mq",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "model": "websphere mq",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ibm",
            "version": "8.0.0.2"
          },
          {
            "model": "websphere mq",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "model": "websphere mq",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ibm",
            "version": "8.0.0.7"
          },
          {
            "model": "websphere mq",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "model": "websphere mq",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "model": "websphere mq",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.3"
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.7"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.6"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.2"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "model": "mq cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.3"
          },
          {
            "model": "mq cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "model": "mq lts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.1"
          },
          {
            "model": "mq lts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.0"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.7"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.6"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.2"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.8"
          },
          {
            "model": "mq",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.4"
          },
          {
            "model": "mq",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.2"
          },
          {
            "model": "mq",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.8"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "102418"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011805"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-077"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-1557"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:ibm:websphere_mq",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011805"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported the issue.",
        "sources": [
          {
            "db": "BID",
            "id": "102418"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-1557",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2017-1557",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-1557",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-1557",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-1557",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201801-077",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011805"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-077"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-1557"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. IBM WebSphere MQ Contains an access control vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 131547 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial-of-service condition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-1557"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011805"
          },
          {
            "db": "BID",
            "id": "102418"
          }
        ],
        "trust": 1.89
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-1557",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "102418",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011805",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-077",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "102418"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011805"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-077"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-1557"
          }
        ]
      },
      "id": "VAR-201801-0385",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.46875
      },
      "last_update_date": "2024-11-23T22:22:15.338000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "2004378",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22004378"
          },
          {
            "title": "IBM WebSphere MQ Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77425"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011805"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-077"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011805"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-1557"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/102418"
          },
          {
            "trust": 1.6,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131547"
          },
          {
            "trust": 1.6,
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22004378"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1557"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1557"
          },
          {
            "trust": 0.3,
            "url": "http://www.ibm.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22004378"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "102418"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011805"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-077"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-1557"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "102418"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011805"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-077"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-1557"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-02T00:00:00",
            "db": "BID",
            "id": "102418"
          },
          {
            "date": "2018-01-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011805"
          },
          {
            "date": "2018-01-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201801-077"
          },
          {
            "date": "2018-01-02T17:29:01.070000",
            "db": "NVD",
            "id": "CVE-2017-1557"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-02T00:00:00",
            "db": "BID",
            "id": "102418"
          },
          {
            "date": "2018-01-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011805"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201801-077"
          },
          {
            "date": "2024-11-21T03:22:04.467000",
            "db": "NVD",
            "id": "CVE-2017-1557"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-077"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM WebSphere MQ Access control vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011805"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-077"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202204-1116

    Vulnerability from variot - Updated: 2024-11-23 21:58

    IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. IBM MQ Appliance contains an observable mismatch vulnerability. Vendors may IBM X-Force ID: 220487 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202204-1116",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.2.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.2 lts"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.2 cd"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.2"
          },
          {
            "model": "mq appliance lts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-36975"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009545"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22356"
          }
        ]
      },
      "cve": "CVE-2022-22356",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2022-22356",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-36975",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-22356",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2022-22356",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-22356",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-22356",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2022-22356",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-22356",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-36975",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202204-2000",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-22356",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-36975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22356"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009545"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2000"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22356"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22356"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. IBM MQ Appliance contains an observable mismatch vulnerability. Vendors may IBM X-Force ID: 220487 It is published as.Information may be obtained. IBM MQ Appliance is an all-in-one device used by IBM in the United States for rapid deployment of enterprise-level messaging middleware",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-22356"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009545"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-36975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22356"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-22356",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009545",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-36975",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2000",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22356",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-36975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22356"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009545"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2000"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22356"
          }
        ]
      },
      "id": "VAR-202204-1116",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-36975"
          }
        ],
        "trust": 1.06875
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-36975"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:58:27.346000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "6564711 IBM\u00a0X-Force\u00a0Exchange",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/pages/node/6564711"
          },
          {
            "title": "Patch for IBM MQ Appliance Information Disclosure Vulnerability (CNVD-2022-36975)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/332781"
          },
          {
            "title": "IBM MQ Appliance Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=188274"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-RCE "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-36975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22356"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009545"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2000"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-203",
            "trust": 1.0
          },
          {
            "problemtype": "Observable discrepancy (CWE-203) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009545"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22356"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220487"
          },
          {
            "trust": 1.7,
            "url": "https://www.ibm.com/support/pages/node/6564711"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22356"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-22356/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/203.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-36975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22356"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009545"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2000"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22356"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-36975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22356"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009545"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2000"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22356"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-36975"
          },
          {
            "date": "2022-04-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22356"
          },
          {
            "date": "2023-08-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-009545"
          },
          {
            "date": "2022-04-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-2000"
          },
          {
            "date": "2022-04-05T17:15:08.370000",
            "db": "NVD",
            "id": "CVE-2022-22356"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-36975"
          },
          {
            "date": "2022-04-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22356"
          },
          {
            "date": "2023-08-07T05:37:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-009545"
          },
          {
            "date": "2022-04-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-2000"
          },
          {
            "date": "2024-11-21T06:46:41.630000",
            "db": "NVD",
            "id": "CVE-2022-22356"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2000"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability regarding observable inconsistencies in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009545"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2000"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-0016

    Vulnerability from variot - Updated: 2024-11-23 21:37

    IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188. Vendors have confirmed this vulnerability IBM X-Force ID: 16188 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IBM DataPower Gateway is a security and integration platform specially designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform. The following products and versions are affected: IBM DataPower Gateway 2018.4.1.0 to 2018.4.1.6, DataPower Gateway 7.6.0.0 to 7.6.0.15, DataPower Gateway CD

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0016",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "datapower gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "2018.4.1.7"
          },
          {
            "model": "mq appliance",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0.2"
          },
          {
            "model": "mq appliance",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.2"
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "model": "datapower gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "2018.4.1.0"
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "model": "datapower gateway",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "2018.4.1.6"
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0.0"
          },
          {
            "model": "datapower gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.6.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.12"
          },
          {
            "model": "datapower gateway",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.6.0.15"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "2018.4.1.0 to  2018.4.1.6"
          },
          {
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "7.6.0.0 to  7.6.0.15"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "8.0.0.0 to  8.0.0.12"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.1.0.0 to  9.1.0.2"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.1.1 to  9.1.2"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008161"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4294"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:ibm:datapower_gateway",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ibm:mq_appliance",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008161"
          }
        ]
      },
      "cve": "CVE-2019-4294",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-4294",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-155729",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-4294",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.5,
                "id": "CVE-2019-4294",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-4294",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-4294",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2019-4294",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-4294",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-1243",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-155729",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155729"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008161"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1243"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4294"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4294"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188. Vendors have confirmed this vulnerability IBM X-Force ID: 16188 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IBM DataPower Gateway is a security and integration platform specially designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform. The following products and versions are affected: IBM DataPower Gateway 2018.4.1.0 to 2018.4.1.6, DataPower Gateway 7.6.0.0 to 7.6.0.15, DataPower Gateway CD",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-4294"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008161"
          },
          {
            "db": "VULHUB",
            "id": "VHN-155729"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-4294",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008161",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1243",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-155729",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155729"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008161"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1243"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4294"
          }
        ]
      },
      "id": "VAR-201908-0016",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155729"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:37:03.476000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "0887005",
            "trust": 0.8,
            "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10887005"
          },
          {
            "title": "0958933",
            "trust": 0.8,
            "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10958933"
          },
          {
            "title": "ibm-mq-cve20194294-code-exec (160701)",
            "trust": 0.8,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160701"
          },
          {
            "title": "IBM DataPower Gateway Fixes for command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=96888"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008161"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1243"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-77",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155729"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008161"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4294"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887005"
          },
          {
            "trust": 1.7,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10958933"
          },
          {
            "trust": 1.7,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160701"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4294"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4294"
          },
          {
            "trust": 0.6,
            "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10958933"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155729"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008161"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1243"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4294"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-155729"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008161"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1243"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4294"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-155729"
          },
          {
            "date": "2019-08-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008161"
          },
          {
            "date": "2019-08-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-1243"
          },
          {
            "date": "2019-08-20T19:15:11.730000",
            "db": "NVD",
            "id": "CVE-2019-4294"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-155729"
          },
          {
            "date": "2019-08-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008161"
          },
          {
            "date": "2022-12-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-1243"
          },
          {
            "date": "2024-11-21T04:43:26.147000",
            "db": "NVD",
            "id": "CVE-2019-4294"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1243"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM DataPower Gateway and  IBM MQ Appliance Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008161"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1243"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202001-0211

    Vulnerability from variot - Updated: 2024-11-23 21:21

    IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863. IBM MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 168863 Published as.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware by IBM Corporation in the United States. The vulnerability stems from a network system or product that did not properly validate the input data. No detailed vulnerability details are provided at this time

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0211",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq appliance",
            "scope": null,
            "trust": 1.4,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.14"
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0.4"
          },
          {
            "model": "mq appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.4"
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "8.0.0.7"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.1.0.4"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.1.2"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "8.0.0.8"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.1.0.3"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "8.0.0.6"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.1.3"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04908"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014395"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1261"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4620"
          }
        ]
      },
      "cve": "CVE-2019-4620",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-4620",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.1,
                "id": "CNVD-2020-04908",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-4620",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.5,
                "id": "CVE-2019-4620",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-4620",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-4620",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2019-4620",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-4620",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-04908",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202001-1261",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04908"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014395"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1261"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4620"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4620"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863. IBM MQ Appliance Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 168863 Published as.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware by IBM Corporation in the United States. The vulnerability stems from a network system or product that did not properly validate the input data. No detailed vulnerability details are provided at this time",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-4620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014395"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04908"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-4620",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014395",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04908",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0266",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1261",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04908"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014395"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1261"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4620"
          }
        ]
      },
      "id": "VAR-202001-0211",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04908"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04908"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:21:53.901000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "168863 IBM\u00a0X-Force\u00a0Exchange",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/pages/node/1125891"
          },
          {
            "title": "Patch for IBM MQ Appliance Input Validation Error Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/200333"
          },
          {
            "title": "IBM MQ Appliance Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107610"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04908"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014395"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1261"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014395"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4620"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168863"
          },
          {
            "trust": 1.6,
            "url": "https://www.ibm.com/support/pages/node/1125891"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4620"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1106523"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1125897"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1135023"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1127031"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0266/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-a-local-attacker-to-bypass-security-restrictions-cve-2019-4620/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-certified-container-is-vulnerable-to-multiple-vulnerabilities-within-ibm-mq-cve-2019-4655-cve-2019-4560-cve-2019-4614-cve-2019-4620/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04908"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014395"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1261"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4620"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04908"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014395"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1261"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4620"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04908"
          },
          {
            "date": "2020-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014395"
          },
          {
            "date": "2020-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202001-1261"
          },
          {
            "date": "2020-01-28T19:15:13.217000",
            "db": "NVD",
            "id": "CVE-2019-4620"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04908"
          },
          {
            "date": "2020-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014395"
          },
          {
            "date": "2020-02-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202001-1261"
          },
          {
            "date": "2024-11-21T04:43:52.990000",
            "db": "NVD",
            "id": "CVE-2019-4620"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1261"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance Input Validation Error Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04908"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1261"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1261"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0593

    Vulnerability from variot - Updated: 2024-11-23 21:06

    IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. IBM MQ and MQ Appliance There is an input verification vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 170967 It is published as.Service operation interruption (DoS) It may be put into a state. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The vulnerability stems from an error in processing error messages. An attacker can use this vulnerability to cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0593",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.4"
          },
          {
            "model": "mq",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0.4"
          },
          {
            "model": "mq",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.14"
          },
          {
            "model": "websphere mq",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.5.0.9"
          },
          {
            "model": "websphere mq",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.1.0.0"
          },
          {
            "model": "mq",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0"
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "model": "mq",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.0.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.14"
          },
          {
            "model": "mq",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0.0"
          },
          {
            "model": "mq",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "model": "mq",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.0.0.9"
          },
          {
            "model": "mq",
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "mq appliance",
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "websphere mq",
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "model": "mq appliance lts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "model": "mq lts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "model": "mq cd",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "model": "mq lts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17502"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014904"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4656"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:ibm:mq",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ibm:mq_appliance",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ibm:websphere_mq",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014904"
          }
        ]
      },
      "cve": "CVE-2019-4656",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-4656",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014904",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2020-17502",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-4656",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-4656",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014904",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-4656",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2019-4656",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014904",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-17502",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-896",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17502"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014904"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-896"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4656"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4656"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. IBM MQ and MQ Appliance There is an input verification vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 170967 It is published as.Service operation interruption (DoS) It may be put into a state. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The vulnerability stems from an error in processing error messages. An attacker can use this vulnerability to cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-4656"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014904"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17502"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-4656",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014904",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17502",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.4106",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-896",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17502"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014904"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-896"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4656"
          }
        ]
      },
      "id": "VAR-202003-0593",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17502"
          }
        ],
        "trust": 1.06875
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17502"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:06:16.264000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "1135095",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/pages/node/1135095"
          },
          {
            "title": "ibm-mq-cve20194656-dos (170967)",
            "trust": 0.8,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967"
          },
          {
            "title": "Patch for IBM MQ Appliance and IBM MQ Denial of Service Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/209207"
          },
          {
            "title": "IBM MQ  and IBM MQ Appliance Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=112526"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17502"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014904"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-896"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014904"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4656"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170967"
          },
          {
            "trust": 1.6,
            "url": "https://www.ibm.com/support/pages/node/1135095"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4656"
          },
          {
            "trust": 1.2,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-caused-by-an-error-processing-error-messages-cve-2019-4656/"
          },
          {
            "trust": 1.2,
            "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-31785"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4656"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-denial-of-service-attack-caused-by-an-authenticated-user-crafting-a-malicious-message-cve-2019-4656/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.4106"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17502"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014904"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-896"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4656"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17502"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014904"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-896"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4656"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17502"
          },
          {
            "date": "2020-03-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014904"
          },
          {
            "date": "2020-03-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-896"
          },
          {
            "date": "2020-03-16T16:15:12.670000",
            "db": "NVD",
            "id": "CVE-2019-4656"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17502"
          },
          {
            "date": "2020-03-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014904"
          },
          {
            "date": "2023-07-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-896"
          },
          {
            "date": "2024-11-21T04:43:56.300000",
            "db": "NVD",
            "id": "CVE-2019-4656"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-896"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ and  MQ Appliance Input verification vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014904"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-896"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0592

    Vulnerability from variot - Updated: 2024-11-23 20:33

    IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0592",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.4"
          },
          {
            "model": "mq",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0.4"
          },
          {
            "model": "mq",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.14"
          },
          {
            "model": "websphere mq",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.5.0.9"
          },
          {
            "model": "mq appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.4"
          },
          {
            "model": "mq",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0"
          },
          {
            "model": "websphere mq",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.1.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "model": "mq",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.0.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.14"
          },
          {
            "model": "mq",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0"
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0.0"
          },
          {
            "model": "mq",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0.4"
          },
          {
            "model": "mq",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.0.0.9"
          },
          {
            "model": "mq",
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "mq appliance",
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "websphere mq",
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "model": "mq appliance cd",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "model": "mq appliance lts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "model": "mq lts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "model": "mq cd",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "model": "mq lts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014905"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4719"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:ibm:mq",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ibm:mq_appliance",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ibm:websphere_mq",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014905"
          }
        ]
      },
      "cve": "CVE-2019-4719",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-4719",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 2.1,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014905",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-17505",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-4719",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.4,
                "id": "CVE-2019-4719",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014905",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-4719",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2019-4719",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014905",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-17505",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-904",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014905"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-904"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4719"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4719"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-4719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014905"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17505"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-4719",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014905",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-17505",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.4106",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-904",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014905"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-904"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4719"
          }
        ]
      },
      "id": "VAR-202003-0592",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17505"
          }
        ],
        "trust": 1.06875
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17505"
          }
        ]
      },
      "last_update_date": "2024-11-23T20:33:16.637000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "1136608",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/pages/node/1136608"
          },
          {
            "title": "ibm-mq-cve20194719-info-disc (172124)",
            "trust": 0.8,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124"
          },
          {
            "title": "Patch for IBM MQ and IBM MQ Appliance information disclosure vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/209203"
          },
          {
            "title": "IBM MQ  and IBM MQ Appliance Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=112529"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014905"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-904"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-200",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014905"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4719"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172124"
          },
          {
            "trust": 1.6,
            "url": "https://www.ibm.com/support/pages/node/1136608"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4719"
          },
          {
            "trust": 1.2,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-ibm-mq-appliance-could-allow-a-local-attacker-to-obtain-sensitive-information-cve-2019-4719/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4719"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-a-local-attacker-to-obtain-sensitive-information-cve-2019-4719/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.4106"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014905"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-904"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4719"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014905"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-904"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4719"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17505"
          },
          {
            "date": "2020-03-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014905"
          },
          {
            "date": "2020-03-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-904"
          },
          {
            "date": "2020-03-16T16:15:12.750000",
            "db": "NVD",
            "id": "CVE-2019-4719"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-17505"
          },
          {
            "date": "2020-03-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014905"
          },
          {
            "date": "2023-07-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-904"
          },
          {
            "date": "2024-11-21T04:44:02.880000",
            "db": "NVD",
            "id": "CVE-2019-4719"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-904"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ and IBM MQ Appliance information disclosure vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-17505"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-904"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-904"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201904-0357

    Vulnerability from variot - Updated: 2024-11-23 19:38

    IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564. IBM MQ Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 156564 Published as.Denial of service (DoS) May be in a state. An attacker can exploit this issue to cause a denial-of-service condition. The following product and versions are affected: IBM MQ and MQ Appliance from versions 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.1.0.0 through 9.1.0.1 and 9.1.0 through 9.1.1

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0357",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.0.0.5"
          },
          {
            "model": "mq appliance",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.10"
          },
          {
            "model": "mq appliance",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0.1"
          },
          {
            "model": "mq",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0.1"
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "model": "mq",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.0.0.0"
          },
          {
            "model": "mq",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "model": "mq",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "model": "mq",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0"
          },
          {
            "model": "mq appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0.0"
          },
          {
            "model": "mq",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "9.1.0"
          },
          {
            "model": "mq",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "8.0.0.10"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "8.0.0.0 to  8.0.0.10"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.0.0.0 to  9.0.0.5"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.1.0.0 to  9.1.1"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.9"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.8"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.7"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.6"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "model": "mq cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.5"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.5"
          },
          {
            "model": "mq cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.4"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.4"
          },
          {
            "model": "mq cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.3"
          },
          {
            "model": "mq cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.2"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.2"
          },
          {
            "model": "mq cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "model": "mq cd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.0.1"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.0.0"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.3"
          },
          {
            "model": "mq lts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.5"
          },
          {
            "model": "mq lts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.4"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.4"
          },
          {
            "model": "mq lts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.3"
          },
          {
            "model": "mq lts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.2"
          },
          {
            "model": "mq lts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.1"
          },
          {
            "model": "mq lts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.0"
          },
          {
            "model": "mq lts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.9"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.8"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.7"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.6"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.2"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.10"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "model": "mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "model": "mq",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.2"
          },
          {
            "model": "mq lts",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.6"
          },
          {
            "model": "mq",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.11"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "108027"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003617"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4055"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:ibm:mq_appliance",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003617"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported the issue.",
        "sources": [
          {
            "db": "BID",
            "id": "108027"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-879"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2019-4055",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-4055",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-4055",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-4055",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-4055",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2019-4055",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-4055",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201904-879",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003617"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-879"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4055"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4055"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564. IBM MQ Contains an input validation vulnerability. Vendors report this vulnerability IBM X-Force ID: 156564 Published as.Denial of service (DoS) May be in a state. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThe following product and versions are affected:\nIBM MQ and MQ Appliance from versions 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.1.0.0 through 9.1.0.1 and 9.1.0 through 9.1.1",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-4055"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003617"
          },
          {
            "db": "BID",
            "id": "108027"
          }
        ],
        "trust": 1.89
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-4055",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "108027",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003617",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.1347",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4784",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.4106",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3122",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-879",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "108027"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003617"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-879"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4055"
          }
        ]
      },
      "id": "VAR-201904-0357",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.46875
      },
      "last_update_date": "2024-11-23T19:38:16.858000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "0870484",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870484"
          },
          {
            "title": "ibm-websphere-cve20194055-dos (156564)",
            "trust": 0.8,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564"
          },
          {
            "title": "IBM MQ  and IBM MQ Appliance Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=91713"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003617"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-879"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003617"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4055"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10870484"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/108027"
          },
          {
            "trust": 1.6,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4055"
          },
          {
            "trust": 0.9,
            "url": "http://www.ibm.com/"
          },
          {
            "trust": 0.9,
            "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10870484"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4055"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1137634"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1115109"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10967151"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/ibm-mq-denial-of-service-via-tls-key-renegotiation-29053"
          },
          {
            "trust": 0.6,
            "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10967151"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1115031"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/79378"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.4106"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3122/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4784/"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "108027"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003617"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-879"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4055"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "108027"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003617"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-879"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4055"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-16T00:00:00",
            "db": "BID",
            "id": "108027"
          },
          {
            "date": "2019-05-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003617"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-879"
          },
          {
            "date": "2019-04-19T17:29:01.987000",
            "db": "NVD",
            "id": "CVE-2019-4055"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-16T00:00:00",
            "db": "BID",
            "id": "108027"
          },
          {
            "date": "2019-05-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003617"
          },
          {
            "date": "2023-07-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-879"
          },
          {
            "date": "2024-11-21T04:43:05.823000",
            "db": "NVD",
            "id": "CVE-2019-4055"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-879"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Input validation vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003617"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-879"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1527

    Vulnerability from variot - Updated: 2024-08-14 13:23

    IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1527",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ibm",
            "version": "9.2.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "mq appliance",
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92962"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015729"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38999"
          }
        ]
      },
      "cve": "CVE-2021-38999",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-38999",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.9,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2021-92962",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-38999",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.4,
                "id": "CVE-2021-38999",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-38999",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-38999",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2021-38999",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-38999",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-92962",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-2173",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-38999",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92962"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-38999"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015729"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2173"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38999"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38999"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-38999"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015729"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-92962"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-38999"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-38999",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015729",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-92962",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4024",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2173",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-38999",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92962"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-38999"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015729"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2173"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38999"
          }
        ]
      },
      "id": "VAR-202111-1527",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92962"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92962"
          }
        ]
      },
      "last_update_date": "2024-08-14T13:23:09.518000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "6519418 IBM\u00a0X-Force\u00a0Exchange",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/pages/node/6519418"
          },
          {
            "title": "Patch for IBM MQ Appliance Information Disclosure Vulnerability (CNVD-2021-92962)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/302081"
          },
          {
            "title": "IBM MQ Appliance Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172092"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92962"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015729"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2173"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.0
          },
          {
            "problemtype": "information leak (CWE-200) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015729"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38999"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.ibm.com/support/pages/node/6519418"
          },
          {
            "trust": 1.7,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213214"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38999"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4024"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-logged-sensitive-information-via-trace-36984"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/200.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92962"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-38999"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015729"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2173"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38999"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92962"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-38999"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015729"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2173"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38999"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-92962"
          },
          {
            "date": "2021-11-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-38999"
          },
          {
            "date": "2022-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-015729"
          },
          {
            "date": "2021-11-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2173"
          },
          {
            "date": "2021-11-30T17:15:11.533000",
            "db": "NVD",
            "id": "CVE-2021-38999"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-92962"
          },
          {
            "date": "2021-11-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-38999"
          },
          {
            "date": "2022-11-29T08:16:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-015729"
          },
          {
            "date": "2021-12-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2173"
          },
          {
            "date": "2021-11-30T20:29:04.297000",
            "db": "NVD",
            "id": "CVE-2021-38999"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2173"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability regarding information leakage in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015729"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2173"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1472

    Vulnerability from variot - Updated: 2024-08-14 13:23

    IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042. IBM MQ Appliance There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 212042 It is published as.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1472",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ibm",
            "version": "9.2.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.2 lts"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.2 cd"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015733"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38958"
          }
        ]
      },
      "cve": "CVE-2021-38958",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-38958",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2021-92963",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-38958",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "HIGH",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.4,
                "id": "CVE-2021-38958",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-38958",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-38958",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2021-38958",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-38958",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-92963",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-2182",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015733"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2182"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38958"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38958"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042. IBM MQ Appliance There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 212042 It is published as.Service operation interruption (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-38958"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015733"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-92963"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-38958",
            "trust": 3.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015733",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-92963",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4024",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2182",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015733"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2182"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38958"
          }
        ]
      },
      "id": "VAR-202111-1472",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92963"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92963"
          }
        ]
      },
      "last_update_date": "2024-08-14T13:23:09.492000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "6519420 IBM\u00a0X-Force\u00a0Exchange",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/pages/node/6519420"
          },
          {
            "title": "Patch for An unspecified vulnerability exists in IBM MQ Appliance (CNVD-2021-92963)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/302086"
          },
          {
            "title": "IBM MQ Appliance Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172099"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015733"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2182"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015733"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38958"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.ibm.com/support/pages/node/6519420"
          },
          {
            "trust": 1.6,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212043"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38958"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4024"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-denial-of-service-via-concurrency-issue-36983"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015733"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2182"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38958"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015733"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2182"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38958"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-92963"
          },
          {
            "date": "2022-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-015733"
          },
          {
            "date": "2021-11-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2182"
          },
          {
            "date": "2021-11-30T17:15:11.427000",
            "db": "NVD",
            "id": "CVE-2021-38958"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-92963"
          },
          {
            "date": "2022-11-29T08:20:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-015733"
          },
          {
            "date": "2021-12-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2182"
          },
          {
            "date": "2021-11-30T20:32:18.963000",
            "db": "NVD",
            "id": "CVE-2021-38958"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2182"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015733"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2182"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1528

    Vulnerability from variot - Updated: 2024-08-14 13:23

    IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441. IBM MQ Appliance There is a code injection vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 212441 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1528",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ibm",
            "version": "9.2.0.0"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.2 lts"
          },
          {
            "model": "mq appliance",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "9.2 cd"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92961"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015731"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38967"
          }
        ]
      },
      "cve": "CVE-2021-38967",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-38967",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2021-92961",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.8,
                "id": "CVE-2021-38967",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.5,
                "id": "CVE-2021-38967",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.7,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-38967",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-38967",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2021-38967",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-38967",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-92961",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-2168",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92961"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015731"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2168"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38967"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38967"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441. IBM MQ Appliance There is a code injection vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 212441 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-38967"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015731"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-92961"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-38967",
            "trust": 3.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015731",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-92961",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4024",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2168",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92961"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015731"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2168"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38967"
          }
        ]
      },
      "id": "VAR-202111-1528",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92961"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92961"
          }
        ]
      },
      "last_update_date": "2024-08-14T13:23:09.444000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "6512826 IBM\u00a0X-Force\u00a0Exchange",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/pages/node/6512826"
          },
          {
            "title": "Patch for Unidentified vulnerabilities in IBM MQ Appliance",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/302076"
          },
          {
            "title": "IBM MQ Appliance Fixes for code injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172396"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92961"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015731"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2168"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-94",
            "trust": 1.0
          },
          {
            "problemtype": "Code injection (CWE-94) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015731"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38967"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.ibm.com/support/pages/node/6512826"
          },
          {
            "trust": 1.6,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212441"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38967"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/ibm-mq-appliance-code-execution-via-injection-36982"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4024"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92961"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015731"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2168"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38967"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-92961"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015731"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2168"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-38967"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-92961"
          },
          {
            "date": "2022-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-015731"
          },
          {
            "date": "2021-11-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2168"
          },
          {
            "date": "2021-11-30T17:15:11.483000",
            "db": "NVD",
            "id": "CVE-2021-38967"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-92961"
          },
          {
            "date": "2022-11-29T08:18:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-015731"
          },
          {
            "date": "2021-12-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2168"
          },
          {
            "date": "2021-11-30T20:29:59.293000",
            "db": "NVD",
            "id": "CVE-2021-38967"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2168"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM\u00a0MQ\u00a0Appliance\u00a0 Code injection vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-015731"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2168"
          }
        ],
        "trust": 0.6
      }
    }