Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for MQ for HPE NonStop by IBM

    CVE-2024-51470 (GCVE-0-2024-51470)

    Vulnerability from nvd – Published: 2024-12-18 19:56 – Updated: 2024-12-18 20:24
    VLAI
    Title
    IBM MQ denial of service
    Summary
    IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
        cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*
    Create a notification for this product.
    IBM MQ Appliance Affected: 9.3 LTS, 9.3 CD, 9.4 LTS
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*
    Create a notification for this product.
    IBM MQ for HPE NonStop Affected: 8.1.0 , ≤ 8.1.0.25 (semver)
        cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51470",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T20:24:17.133411Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-18T20:24:38.409Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD, 9.4 LTS"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.1.0.25",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ\u0026nbsp;9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u0026nbsp;9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u0026nbsp;could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.\u003c/span\u003e"
                }
              ],
              "value": "IBM MQ\u00a09.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u00a09.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u00a0could allow an authenticated user to cause a denial-of-service due to messages with improperly set values."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T19:56:10.377Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7179137"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7178085"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7177593"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-51470",
        "datePublished": "2024-12-18T19:56:10.377Z",
        "dateReserved": "2024-10-28T10:50:18.700Z",
        "dateUpdated": "2024-12-18T20:24:38.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-40237 (GCVE-0-2022-40237)

    Vulnerability from nvd – Published: 2023-02-27 14:18 – Updated: 2024-08-03 12:14
    VLAI
    Title
    IBM MQ for HPE NonStop denial of service
    Summary
    IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    ibm
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:14:39.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6958136"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235727"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic.  IBM X-Force ID:  235727."
                }
              ],
              "value": "IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic.  IBM X-Force ID:  235727."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-27T14:18:08.342Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6958136"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235727"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ for HPE NonStop denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-40237",
        "datePublished": "2023-02-27T14:18:08.342Z",
        "dateReserved": "2022-09-08T15:59:19.270Z",
        "dateUpdated": "2024-08-03T12:14:39.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22325 (GCVE-0-2022-22325)

    Vulnerability from nvd – Published: 2022-05-13 16:15 – Updated: 2024-09-16 17:49
    VLAI
    Summary
    IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Date Public
    2022-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:07:50.498Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6585780"
              },
              {
                "name": "ibm-mq-cve202222325-info-disc (218853)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218853"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            }
          ],
          "datePublic": "2022-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.5,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/C:H/UI:N/AV:L/A:N/AC:H/PR:N/S:U/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-13T16:15:18.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6585780"
            },
            {
              "name": "ibm-mq-cve202222325-info-disc (218853)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218853"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-05-12T00:00:00",
              "ID": "CVE-2022-22325",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MQ for HPE NonStop",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6585780",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6585780 (MQ for HPE NonStop)",
                  "url": "https://www.ibm.com/support/pages/node/6585780"
                },
                {
                  "name": "ibm-mq-cve202222325-info-disc (218853)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218853"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22325",
        "datePublished": "2022-05-13T16:15:18.573Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:49:14.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38950 (GCVE-0-2021-38950)

    Vulnerability from nvd – Published: 2021-12-14 16:20 – Updated: 2024-09-16 20:06
    VLAI
    Summary
    IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404.
    CWE
    • Gain Privileges
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ for HPE NonStop Affected: 8.1.0
    Affected: 8.0.4
    Create a notification for this product.
    Date Public
    2021-12-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:51:20.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6525810"
              },
              {
                "name": "ibm-mq-cve202138950-priv-escalation (211404)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211404"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0"
                },
                {
                  "status": "affected",
                  "version": "8.0.4"
                }
              ]
            }
          ],
          "datePublic": "2021-12-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/PR:N/AC:H/C:H/S:U/I:H/AV:L/A:H/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-14T16:20:10.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6525810"
            },
            {
              "name": "ibm-mq-cve202138950-priv-escalation (211404)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211404"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-12-13T00:00:00",
              "ID": "CVE-2021-38950",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MQ for HPE NonStop",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1.0"
                              },
                              {
                                "version_value": "8.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "H",
                  "AV": "L",
                  "C": "H",
                  "I": "H",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6525810",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6525810 (MQ for HPE NonStop)",
                  "url": "https://www.ibm.com/support/pages/node/6525810"
                },
                {
                  "name": "ibm-mq-cve202138950-priv-escalation (211404)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211404"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2021-38950",
        "datePublished": "2021-12-14T16:20:10.693Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:06:32.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4466 (GCVE-0-2020-4466)

    Vulnerability from nvd – Published: 2020-07-20 14:05 – Updated: 2024-09-16 20:13
    VLAI
    Summary
    IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563.
    CWE
    • Denial of Service
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ for HPE NonStop Affected: 8.1.0
    Affected: 8.0.4
    Create a notification for this product.
    Date Public
    2020-07-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:07:48.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6250473"
              },
              {
                "name": "ibm-mq-cve20204466-dos (181563)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181563"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0"
                },
                {
                  "status": "affected",
                  "version": "8.0.4"
                }
              ]
            }
          ],
          "datePublic": "2020-07-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/S:U/C:N/UI:N/AV:N/AC:L/A:H/PR:L/I:N/RL:O/E:U/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-20T14:05:24.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6250473"
            },
            {
              "name": "ibm-mq-cve20204466-dos (181563)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181563"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-07-17T00:00:00",
              "ID": "CVE-2020-4466",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MQ for HPE NonStop",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1.0"
                              },
                              {
                                "version_value": "8.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6250473",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6250473 (MQ for HPE NonStop)",
                  "url": "https://www.ibm.com/support/pages/node/6250473"
                },
                {
                  "name": "ibm-mq-cve20204466-dos (181563)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181563"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4466",
        "datePublished": "2020-07-20T14:05:24.605Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:13:28.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4376 (GCVE-0-2020-4376)

    Vulnerability from nvd – Published: 2020-07-01 14:25 – Updated: 2024-09-17 02:01
    VLAI
    Summary
    IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081.
    CWE
    • Denial of Service
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ for HPE NonStop Affected: 8.1.0
    Affected: 8.0.4
    Create a notification for this product.
    Date Public
    2020-06-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:00:07.541Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6242364"
              },
              {
                "name": "ibm-mq-cve20204376-dos (179081)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0"
                },
                {
                  "status": "affected",
                  "version": "8.0.4"
                }
              ]
            }
          ],
          "datePublic": "2020-06-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AC:H/A:H/PR:L/UI:N/C:N/S:U/AV:N/I:N/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-01T14:25:31.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6242364"
            },
            {
              "name": "ibm-mq-cve20204376-dos (179081)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179081"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-06-30T00:00:00",
              "ID": "CVE-2020-4376",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MQ for HPE NonStop",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1.0"
                              },
                              {
                                "version_value": "8.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "H",
                  "AV": "N",
                  "C": "N",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6242364",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6242364 (MQ for HPE NonStop)",
                  "url": "https://www.ibm.com/support/pages/node/6242364"
                },
                {
                  "name": "ibm-mq-cve20204376-dos (179081)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179081"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4376",
        "datePublished": "2020-07-01T14:25:31.874Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:01:05.852Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4352 (GCVE-0-2020-4352)

    Vulnerability from nvd – Published: 2020-05-29 13:10 – Updated: 2024-09-16 20:32
    VLAI
    Summary
    IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427.
    CWE
    • Gain Privileges
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ for HPE NonStop Affected: 8.1.0
    Affected: 8.0.4
    Create a notification for this product.
    Date Public
    2020-05-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:00:07.372Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6217600"
              },
              {
                "name": "ibm-mq-cve20204352-priv-escalation (178427)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178427"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0"
                },
                {
                  "status": "affected",
                  "version": "8.0.4"
                }
              ]
            }
          ],
          "datePublic": "2020-05-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.3,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/S:U/AV:L/PR:N/A:L/AC:H/C:L/I:L/RC:C/RL:O/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-29T13:10:20.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6217600"
            },
            {
              "name": "ibm-mq-cve20204352-priv-escalation (178427)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178427"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-05-28T00:00:00",
              "ID": "CVE-2020-4352",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MQ for HPE NonStop",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1.0"
                              },
                              {
                                "version_value": "8.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "H",
                  "AV": "L",
                  "C": "L",
                  "I": "L",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6217600",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6217600 (MQ for HPE NonStop)",
                  "url": "https://www.ibm.com/support/pages/node/6217600"
                },
                {
                  "name": "ibm-mq-cve20204352-priv-escalation (178427)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178427"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4352",
        "datePublished": "2020-05-29T13:10:20.156Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:32:05.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51470 (GCVE-0-2024-51470)

    Vulnerability from cvelistv5 – Published: 2024-12-18 19:56 – Updated: 2024-12-18 20:24
    VLAI
    Title
    IBM MQ denial of service
    Summary
    IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
        cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*
    Create a notification for this product.
    IBM MQ Appliance Affected: 9.3 LTS, 9.3 CD, 9.4 LTS
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*
    Create a notification for this product.
    IBM MQ for HPE NonStop Affected: 8.1.0 , ≤ 8.1.0.25 (semver)
        cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51470",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T20:24:17.133411Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-18T20:24:38.409Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD, 9.4 LTS"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.1.0.25",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ\u0026nbsp;9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u0026nbsp;9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u0026nbsp;could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.\u003c/span\u003e"
                }
              ],
              "value": "IBM MQ\u00a09.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u00a09.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u00a0could allow an authenticated user to cause a denial-of-service due to messages with improperly set values."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T19:56:10.377Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7179137"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7178085"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7177593"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-51470",
        "datePublished": "2024-12-18T19:56:10.377Z",
        "dateReserved": "2024-10-28T10:50:18.700Z",
        "dateUpdated": "2024-12-18T20:24:38.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-40237 (GCVE-0-2022-40237)

    Vulnerability from cvelistv5 – Published: 2023-02-27 14:18 – Updated: 2024-08-03 12:14
    VLAI
    Title
    IBM MQ for HPE NonStop denial of service
    Summary
    IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    ibm
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:14:39.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6958136"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235727"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic.  IBM X-Force ID:  235727."
                }
              ],
              "value": "IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic.  IBM X-Force ID:  235727."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-27T14:18:08.342Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6958136"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235727"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ for HPE NonStop denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-40237",
        "datePublished": "2023-02-27T14:18:08.342Z",
        "dateReserved": "2022-09-08T15:59:19.270Z",
        "dateUpdated": "2024-08-03T12:14:39.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22325 (GCVE-0-2022-22325)

    Vulnerability from cvelistv5 – Published: 2022-05-13 16:15 – Updated: 2024-09-16 17:49
    VLAI
    Summary
    IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Date Public
    2022-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:07:50.498Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6585780"
              },
              {
                "name": "ibm-mq-cve202222325-info-disc (218853)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218853"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            }
          ],
          "datePublic": "2022-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.5,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/C:H/UI:N/AV:L/A:N/AC:H/PR:N/S:U/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-13T16:15:18.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6585780"
            },
            {
              "name": "ibm-mq-cve202222325-info-disc (218853)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218853"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-05-12T00:00:00",
              "ID": "CVE-2022-22325",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MQ for HPE NonStop",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6585780",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6585780 (MQ for HPE NonStop)",
                  "url": "https://www.ibm.com/support/pages/node/6585780"
                },
                {
                  "name": "ibm-mq-cve202222325-info-disc (218853)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218853"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22325",
        "datePublished": "2022-05-13T16:15:18.573Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:49:14.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38950 (GCVE-0-2021-38950)

    Vulnerability from cvelistv5 – Published: 2021-12-14 16:20 – Updated: 2024-09-16 20:06
    VLAI
    Summary
    IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404.
    CWE
    • Gain Privileges
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ for HPE NonStop Affected: 8.1.0
    Affected: 8.0.4
    Create a notification for this product.
    Date Public
    2021-12-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:51:20.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6525810"
              },
              {
                "name": "ibm-mq-cve202138950-priv-escalation (211404)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211404"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0"
                },
                {
                  "status": "affected",
                  "version": "8.0.4"
                }
              ]
            }
          ],
          "datePublic": "2021-12-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/PR:N/AC:H/C:H/S:U/I:H/AV:L/A:H/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-14T16:20:10.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6525810"
            },
            {
              "name": "ibm-mq-cve202138950-priv-escalation (211404)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211404"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-12-13T00:00:00",
              "ID": "CVE-2021-38950",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MQ for HPE NonStop",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1.0"
                              },
                              {
                                "version_value": "8.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "H",
                  "AV": "L",
                  "C": "H",
                  "I": "H",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6525810",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6525810 (MQ for HPE NonStop)",
                  "url": "https://www.ibm.com/support/pages/node/6525810"
                },
                {
                  "name": "ibm-mq-cve202138950-priv-escalation (211404)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211404"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2021-38950",
        "datePublished": "2021-12-14T16:20:10.693Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:06:32.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4466 (GCVE-0-2020-4466)

    Vulnerability from cvelistv5 – Published: 2020-07-20 14:05 – Updated: 2024-09-16 20:13
    VLAI
    Summary
    IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563.
    CWE
    • Denial of Service
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ for HPE NonStop Affected: 8.1.0
    Affected: 8.0.4
    Create a notification for this product.
    Date Public
    2020-07-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:07:48.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6250473"
              },
              {
                "name": "ibm-mq-cve20204466-dos (181563)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181563"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0"
                },
                {
                  "status": "affected",
                  "version": "8.0.4"
                }
              ]
            }
          ],
          "datePublic": "2020-07-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/S:U/C:N/UI:N/AV:N/AC:L/A:H/PR:L/I:N/RL:O/E:U/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-20T14:05:24.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6250473"
            },
            {
              "name": "ibm-mq-cve20204466-dos (181563)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181563"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-07-17T00:00:00",
              "ID": "CVE-2020-4466",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MQ for HPE NonStop",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1.0"
                              },
                              {
                                "version_value": "8.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6250473",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6250473 (MQ for HPE NonStop)",
                  "url": "https://www.ibm.com/support/pages/node/6250473"
                },
                {
                  "name": "ibm-mq-cve20204466-dos (181563)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181563"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4466",
        "datePublished": "2020-07-20T14:05:24.605Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:13:28.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4376 (GCVE-0-2020-4376)

    Vulnerability from cvelistv5 – Published: 2020-07-01 14:25 – Updated: 2024-09-17 02:01
    VLAI
    Summary
    IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081.
    CWE
    • Denial of Service
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ for HPE NonStop Affected: 8.1.0
    Affected: 8.0.4
    Create a notification for this product.
    Date Public
    2020-06-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:00:07.541Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6242364"
              },
              {
                "name": "ibm-mq-cve20204376-dos (179081)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0"
                },
                {
                  "status": "affected",
                  "version": "8.0.4"
                }
              ]
            }
          ],
          "datePublic": "2020-06-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AC:H/A:H/PR:L/UI:N/C:N/S:U/AV:N/I:N/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-01T14:25:31.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6242364"
            },
            {
              "name": "ibm-mq-cve20204376-dos (179081)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179081"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-06-30T00:00:00",
              "ID": "CVE-2020-4376",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MQ for HPE NonStop",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1.0"
                              },
                              {
                                "version_value": "8.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "H",
                  "AV": "N",
                  "C": "N",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6242364",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6242364 (MQ for HPE NonStop)",
                  "url": "https://www.ibm.com/support/pages/node/6242364"
                },
                {
                  "name": "ibm-mq-cve20204376-dos (179081)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179081"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4376",
        "datePublished": "2020-07-01T14:25:31.874Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:01:05.852Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4352 (GCVE-0-2020-4352)

    Vulnerability from cvelistv5 – Published: 2020-05-29 13:10 – Updated: 2024-09-16 20:32
    VLAI
    Summary
    IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427.
    CWE
    • Gain Privileges
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ for HPE NonStop Affected: 8.1.0
    Affected: 8.0.4
    Create a notification for this product.
    Date Public
    2020-05-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:00:07.372Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6217600"
              },
              {
                "name": "ibm-mq-cve20204352-priv-escalation (178427)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178427"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0"
                },
                {
                  "status": "affected",
                  "version": "8.0.4"
                }
              ]
            }
          ],
          "datePublic": "2020-05-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.3,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/S:U/AV:L/PR:N/A:L/AC:H/C:L/I:L/RC:C/RL:O/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-29T13:10:20.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6217600"
            },
            {
              "name": "ibm-mq-cve20204352-priv-escalation (178427)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178427"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-05-28T00:00:00",
              "ID": "CVE-2020-4352",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MQ for HPE NonStop",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1.0"
                              },
                              {
                                "version_value": "8.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "H",
                  "AV": "L",
                  "C": "L",
                  "I": "L",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6217600",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6217600 (MQ for HPE NonStop)",
                  "url": "https://www.ibm.com/support/pages/node/6217600"
                },
                {
                  "name": "ibm-mq-cve20204352-priv-escalation (178427)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178427"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4352",
        "datePublished": "2020-05-29T13:10:20.156Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:32:05.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }