
    96 vulnerabilities found for mq_appliance by ibm

    CVE-2025-14456 (GCVE-0-2025-14456)

    Vulnerability from nvd – Published: 2026-03-03 20:42 – Updated: 2026-03-03 21:02
    Title
    IBM MQ Appliance uses weaker than expected cryptographic algorithms
    Summary
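    IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1 uses weaker than expected cryptographic algorithms (CWE-327). The published description consists only of the version string; the record's solution field names continuous delivery release 9.4.5.0, or later firmware, as the fix.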
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7260383 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM MQ Appliance Affected: 9.4 CD , ≤ 9.4.4.0 to 9.4.4.1 (semver)
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.4.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14456",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-03T21:02:31.103559Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-03T21:02:47.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.4.0:*:*:*:*:*:*:*"
              ],
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "9.4.4.0 to 9.4.4.1",
                  "status": "affected",
                  "version": "9.4 CD",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1\u003c/p\u003e"
                }
              ],
              "value": "IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-03T20:42:49.648Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7260383"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis vulnerability is addressed under known issue DT458796 IBM strongly recommends addressing the vulnerability now. IBM MQ Appliance version 9.4 CD Apply IBM MQ Appliance continuous delivery release 9.4.5.0 , or later firmware.\u003c/p\u003e"
                }
              ],
              "value": "This vulnerability is addressed under known issue DT458796 IBM strongly recommends addressing the vulnerability now. IBM MQ Appliance version 9.4 CD Apply IBM MQ Appliance continuous delivery release 9.4.5.0 , or later firmware."
            }
          ],
          "title": "IBM MQ Appliance uses weaker than expected cryptographic algorithms",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-14456",
        "datePublished": "2026-03-03T20:42:49.648Z",
        "dateReserved": "2025-12-10T14:53:02.870Z",
        "dateUpdated": "2026-03-03T21:02:47.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-3631 (GCVE-0-2025-3631)

    Vulnerability from nvd – Published: 2025-07-11 18:37 – Updated: 2025-08-18 01:35
    Title
    IBM MQ denial of service
    Summary
    An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process, terminating it.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.3.2.0 CD , ≤ 9.3.5.1 CD (semver)
    Affected: 9.4.0.0 , ≤ 9.4.2.1 CD (semver)
    Affected: 9.4.0.0 LTS , ≤ 9.4.0.11 LTS (semver)
        cpe:2.3:a:ibm:mq:9.3.2.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.3.5.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.2.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0.11:*:*:*:lts:*:*:*
    IBM MQ Appliance Affected: 9.3.2.0 CD , ≤ 9.3.5.2 CD (semver)
    Affected: 9.4.0.0 LTS , ≤ 9.4.0.11 LTS (semver)
    Affected: 9.4.1.0 CD , ≤ 9.4.2.1 CD (semver)
        cpe:2.3:a:ibm:mq_appliance:9.3.2.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3.5.2:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.0.11:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.1.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.2.1:*:*:*:continuous_delivery:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3631",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T18:51:57.975695Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T18:52:08.264Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq:9.3.2.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.5.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.2.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0.11:*:*:*:lts:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "9.3.5.1 CD",
                  "status": "affected",
                  "version": "9.3.2.0 CD",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.4.2.1 CD",
                  "status": "affected",
                  "version": "9.4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.4.0.11 LTS",
                  "status": "affected",
                  "version": "9.4.0.0 LTS",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.3.2.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3.5.2:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.0.11:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.1.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.2.1:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "9.3.5.2 CD",
                  "status": "affected",
                  "version": "9.3.2.0 CD",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.4.0.11 LTS",
                  "status": "affected",
                  "version": "9.4.0.0 LTS",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.4.2.1 CD",
                  "status": "affected",
                  "version": "9.4.1.0 CD",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."
                }
              ],
              "value": "An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T01:35:24.388Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7238310"
            },
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7237025"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue was addressed under known issue DT435291 .\u003cbr\u003e\u003cbr\u003eIBM MQ version 9.4 LTS\u003cbr\u003e\u003cbr\u003eApply fix pack 9.4.0.12\u003cbr\u003e\u003cbr\u003eIBM MQ version 9.3 CD and 9.4 CD\u003cbr\u003e\u003cbr\u003eUpgrade to IBM MQ version 9.4.3\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eIBM MQ Appliance version 9.3 CD\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eUpgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003cdiv\u003e\u003cdiv\u003eIBM MQ Appliance version 9.4 LTS\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eApply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\u003c/div\u003e\u0026nbsp;\u003cdiv\u003eIBM MQ Appliance version 9.4 CD\u003c/div\u003e\u003cdiv\u003eApply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "This issue was addressed under known issue DT435291 .\n\nIBM MQ version 9.4 LTS\n\nApply fix pack 9.4.0.12\n\nIBM MQ version 9.3 CD and 9.4 CD\n\nUpgrade to IBM MQ version 9.4.3\n\nIBM MQ Appliance version 9.3 CD\n\n\n\n\n\nUpgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\n\n\n\n\n\n\u00a0IBM MQ Appliance version 9.4 LTS\n\nApply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\n\n\u00a0IBM MQ Appliance version 9.4 CD\n\nApply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-3631",
        "datePublished": "2025-07-11T18:37:38.769Z",
        "dateReserved": "2025-04-15T09:48:13.276Z",
        "dateUpdated": "2025-08-18T01:35:24.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-23225 (GCVE-0-2025-23225)

    Vulnerability from nvd – Published: 2025-02-28 02:23 – Updated: 2025-02-28 16:34
    Title
    IBM MQ denial of service
    Summary
    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-230 - Improper Handling of Missing Values
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23225",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T16:33:52.569307Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T16:34:10.887Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue."
                }
              ],
              "value": "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-230",
                  "description": "CWE-230 Improper Handling of Missing Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-28T02:23:30.753Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7183372"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-23225",
        "datePublished": "2025-02-28T02:23:30.753Z",
        "dateReserved": "2025-01-13T23:41:34.179Z",
        "dateUpdated": "2025-02-28T16:34:10.887Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0975 (GCVE-0-2025-0975)

    Vulnerability from nvd – Published: 2025-02-28 02:20 – Updated: 2026-02-26 18:29
    Title
    IBM MQ code execution
    Summary
    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0975",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-06T04:55:20.576392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:29:06.206Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters."
                }
              ],
              "value": "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-150",
                  "description": "CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-28T02:20:36.466Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7183467"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ code execution",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-0975",
        "datePublished": "2025-02-28T02:20:36.466Z",
        "dateReserved": "2025-02-02T15:02:19.946Z",
        "dateUpdated": "2026-02-26T18:29:06.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-54173 (GCVE-0-2024-54173)

    Vulnerability from nvd – Published: 2025-02-28 02:22 – Updated: 2025-02-28 16:37
    Title
    IBM MQ information disclosure
    Summary
    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1323 - Improper Management of Sensitive Trace Data
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-54173",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T16:35:01.988933Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T16:37:38.519Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled."
                }
              ],
              "value": "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1323",
                  "description": "CWE-1323 Improper Management of Sensitive Trace Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-28T02:22:14.364Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7183370"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-54173",
        "datePublished": "2025-02-28T02:22:14.364Z",
        "dateReserved": "2024-11-30T14:47:41.352Z",
        "dateUpdated": "2025-02-28T16:37:38.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51471 (GCVE-0-2024-51471)

    Vulnerability from nvd – Published: 2024-12-19 17:11 – Updated: 2024-12-20 17:55
    VLAI
    Title
    IBM MQ Appliance denial of service
    Summary
    IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-125 - Out-of-bounds Read
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7178243 vendor-advisory
    Impacted products
    Vendor Product Version
    IBM MQ Appliance Affected: 9.3 LTS, 9.3 CD, 9.4 LTS
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51471",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T17:55:02.866568Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T17:55:19.110Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD, 9.4 LTS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eweb console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u00a0web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-19T17:15:25.805Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7178243"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ Appliance denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-51471",
        "datePublished": "2024-12-19T17:11:02.223Z",
        "dateReserved": "2024-10-28T10:50:18.700Z",
        "dateUpdated": "2024-12-20T17:55:19.110Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51470 (GCVE-0-2024-51470)

    Vulnerability from nvd – Published: 2024-12-18 19:56 – Updated: 2024-12-18 20:24
    VLAI
    Title
    IBM MQ denial of service
    Summary
    IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
        cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*
    IBM MQ Appliance Affected: 9.3 LTS, 9.3 CD, 9.4 LTS
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*
    IBM MQ for HPE NonStop Affected: 8.1.0 , ≤ 8.1.0.25 (semver)
        cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51470",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T20:24:17.133411Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-18T20:24:38.409Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD, 9.4 LTS"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.1.0.25",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ\u0026nbsp;9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u0026nbsp;9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u0026nbsp;could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.\u003c/span\u003e"
                }
              ],
              "value": "IBM MQ\u00a09.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u00a09.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u00a0could allow an authenticated user to cause a denial-of-service due to messages with improperly set values."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T19:56:10.377Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7179137"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7178085"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7177593"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-51470",
        "datePublished": "2024-12-18T19:56:10.377Z",
        "dateReserved": "2024-10-28T10:50:18.700Z",
        "dateUpdated": "2024-12-18T20:24:38.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25048 (GCVE-0-2024-25048)

    Vulnerability from nvd – Published: 2024-04-27 12:07 – Updated: 2024-08-01 23:36
    VLAI
    Title
    IBM MQ code execution
    Summary
    IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Appliance Affected: 9.3 LTS, 9.3 CD
    ibm mq_appliance Affected: 9.3.0.0
        cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:lts:*:*:*
    ibm mq_appliance Affected: 9.3.0.0
        cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:continuous_delivery:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:lts:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mq_appliance",
                "vendor": "ibm",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:continuous_delivery:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mq_appliance",
                "vendor": "ibm",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.0.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25048",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-29T16:28:58.874065Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:35:01.063Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:36:21.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7149481"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283137"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.  IBM X-Force ID:  283137."
                }
              ],
              "value": "IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.  IBM X-Force ID:  283137."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-27T12:07:33.519Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7149481"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283137"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ code execution",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-25048",
        "datePublished": "2024-04-27T12:07:33.519Z",
        "dateReserved": "2024-02-03T14:49:33.094Z",
        "dateUpdated": "2024-08-01T23:36:21.564Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25016 (GCVE-0-2024-25016)

    Vulnerability from nvd – Published: 2024-03-03 03:09 – Updated: 2024-08-01 23:36
    VLAI
    Title
    IBM MQ denial of service
    Summary
    IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25016",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-05T15:59:06.334619Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:35:38.636Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:36:21.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7123139"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281279"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic.  IBM X-Force ID:  281279."
                }
              ],
              "value": "IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic.  IBM X-Force ID:  281279."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-03T03:09:09.906Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7123139"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281279"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-25016",
        "datePublished": "2024-03-03T03:09:09.906Z",
        "dateReserved": "2024-02-03T14:48:56.576Z",
        "dateUpdated": "2024-08-01T23:36:21.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46177 (GCVE-0-2023-46177)

    Vulnerability from nvd – Published: 2023-12-18 14:11 – Updated: 2024-08-02 20:37
    VLAI
    Title
    IBM MQ Appliance information disclosure
    Summary
    IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Appliance Affected: 9.3 LTS, 9.3 CD

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:37:39.951Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7091235"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269536"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system.  An attacker could send a specially crafted URL request to view arbitrary files on the system.  IBM X-Force ID:  269536."
                }
              ],
              "value": "IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system.  An attacker could send a specially crafted URL request to view arbitrary files on the system.  IBM X-Force ID:  269536."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-18T14:11:51.583Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7091235"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269536"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ Appliance information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-46177",
        "datePublished": "2023-12-18T14:11:51.583Z",
        "dateReserved": "2023-10-17T22:30:29.595Z",
        "dateUpdated": "2024-08-02T20:37:39.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46176 (GCVE-0-2023-46176)

    Vulnerability from nvd – Published: 2023-11-03 00:06 – Updated: 2024-09-04 20:29
    VLAI
    Title
    IBM MQ privilege escalation
    Summary
    IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-424 - Improper Protection of Alternate Path
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Appliance Affected: 9.3 CD

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:37:39.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7060769"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269535"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T20:27:15.963875Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-04T20:29:27.069Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 CD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys.  IBM X-Force ID:  269535."
                }
              ],
              "value": "IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys.  IBM X-Force ID:  269535."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-424",
                  "description": "CWE-424 Improper Protection of Alternate Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-03T00:06:38.556Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7060769"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269535"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-46176",
        "datePublished": "2023-11-03T00:06:38.556Z",
        "dateReserved": "2023-10-17T22:30:29.595Z",
        "dateUpdated": "2024-09-04T20:29:27.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28513 (GCVE-0-2023-28513)

    Vulnerability from nvd – Published: 2023-07-19 01:49 – Updated: 2024-10-21 15:35
    VLAI
    Title
    IBM MQ denial of service
    Summary
    IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, 9.3 CD
    IBM MQ Appliance Affected: 9.2 LTS, 9.3 LTS, 9.2 CD, 9.2 LTS

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:43:23.049Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7007421"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7007731"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250397"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28513",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-21T15:34:38.689370Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-21T15:35:56.231Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, 9.3 CD"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.2 LTS, 9.3 LTS, 9.2 CD, 9.2 LTS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages.  IBM X-Force ID:  250397."
                }
              ],
              "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages.  IBM X-Force ID:  250397."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-19T01:49:14.604Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7007421"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7007731"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250397"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-28513",
        "datePublished": "2023-07-19T01:49:14.604Z",
        "dateReserved": "2023-03-16T21:05:38.974Z",
        "dateUpdated": "2024-10-21T15:35:56.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-26285 (GCVE-0-2023-26285)

    Vulnerability from nvd – Published: 2023-05-05 15:16 – Updated: 2025-01-29 16:25
    VLAI
    Title
    IBM MQ denial of service
    Summary
    IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.2 CD, 9.2 LTS, 9.3 CD, 9.3 LTS

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:46:23.509Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6986563"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248418"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26285",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:20:56.928957Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-29T16:25:29.267Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.2 CD, 9.2 LTS, 9.3 CD, 9.3 LTS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data.  IBM X-Force ID:  248418."
                }
              ],
              "value": "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data.  IBM X-Force ID:  248418."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-05T15:16:00.291Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6986563"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248418"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-26285",
        "datePublished": "2023-05-05T15:16:00.291Z",
        "dateReserved": "2023-02-21T13:55:50.151Z",
        "dateUpdated": "2025-01-29T16:25:29.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22874 (GCVE-0-2023-22874)

    Vulnerability from nvd – Published: 2023-05-05 14:57 – Updated: 2025-01-29 16:54
    VLAI
    Title
    IBM MQ denial of service
    Summary
    IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-703 - Improper Check or Handling of Exceptional Conditions
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.2 CD, 9.3 CD, and 9.3 LTS

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:31.017Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6985901"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244216"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22874",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:54:48.717705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-29T16:54:55.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.2 CD, 9.3 CD, and 9.3 LTS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files.  IBM X-Force ID:  244216."
                }
              ],
              "value": "IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files.  IBM X-Force ID:  244216."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "703 Improper Check or Handling of Exceptional Conditions",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-05T14:57:23.735Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6985901"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244216"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-22874",
        "datePublished": "2023-05-05T14:57:23.735Z",
        "dateReserved": "2023-01-09T15:16:49.250Z",
        "dateUpdated": "2025-01-29T16:54:55.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43919 (GCVE-0-2022-43919)

    Vulnerability from nvd – Published: 2023-05-05 14:24 – Updated: 2025-01-29 16:55
    VLAI
    Title
    IBM MQ denial of service
    Summary
    IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.2 CD, 9.2 LTS, 9.3 CD, 9.3 LTS

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:40:06.734Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6986559"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241354"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43919",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:55:29.815686Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-29T16:55:41.956Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.2 CD, 9.2 LTS, 9.3 CD, 9.3 LTS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service.  IBM X-Force ID:  241354."
                }
              ],
              "value": "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service.  IBM X-Force ID:  241354."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-05T14:24:44.592Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6986559"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241354"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-43919",
        "datePublished": "2023-05-05T14:24:44.592Z",
        "dateReserved": "2022-10-26T15:46:22.847Z",
        "dateUpdated": "2025-01-29T16:55:41.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-14456 (GCVE-0-2025-14456)

    Vulnerability from cvelistv5 – Published: 2026-03-03 20:42 – Updated: 2026-03-03 21:02
    VLAI
    Title
    IBM MQ Appliance uses weaker than expected cryptographic algorithms
    Summary
    IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1 uses weaker than expected cryptographic algorithms.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7260383 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM MQ Appliance Affected: 9.4 CD , ≤ 9.4.4.0 to 9.4.4.1 (semver)
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.4.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14456",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-03T21:02:31.103559Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-03T21:02:47.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.4.0:*:*:*:*:*:*:*"
              ],
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "9.4.4.0 to 9.4.4.1",
                  "status": "affected",
                  "version": "9.4 CD",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1\u003c/p\u003e"
                }
              ],
              "value": "IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-03T20:42:49.648Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7260383"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis vulnerability is addressed under known issue DT458796 IBM strongly recommends addressing the vulnerability now. IBM MQ Appliance version 9.4 CD Apply IBM MQ Appliance continuous delivery release 9.4.5.0 , or later firmware.\u003c/p\u003e"
                }
              ],
              "value": "This vulnerability is addressed under known issue DT458796 IBM strongly recommends addressing the vulnerability now. IBM MQ Appliance version 9.4 CD Apply IBM MQ Appliance continuous delivery release 9.4.5.0 , or later firmware."
            }
          ],
          "title": "IBM MQ Appliance uses weaker than expected cryptographic algorithms",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-14456",
        "datePublished": "2026-03-03T20:42:49.648Z",
        "dateReserved": "2025-12-10T14:53:02.870Z",
        "dateUpdated": "2026-03-03T21:02:47.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-3631 (GCVE-0-2025-3631)

    Vulnerability from cvelistv5 – Published: 2025-07-11 18:37 – Updated: 2025-08-18 01:35
    VLAI
    Title
    IBM MQ denial of service
    Summary
    An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.3.2.0 CD , ≤ 9.3.5.1 CD (semver)
    Affected: 9.4.0.0 , ≤ 9.4.2.1 CD (semver)
    Affected: 9.4.0.0 LTS , ≤ 9.4.0.11 LTS (semver)
        cpe:2.3:a:ibm:mq:9.3.2.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.3.5.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.2.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0.11:*:*:*:lts:*:*:*
    IBM MQ Appliance Affected: 9.3.2.0 CD , ≤ 9.3.5.2 CD (semver)
    Affected: 9.4.0.0 LTS , ≤ 9.4.0.11 LTS (semver)
    Affected: 9.4.1.0 CD , ≤ 9.4.2.1 CD (semver)
        cpe:2.3:a:ibm:mq_appliance:9.3.2.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3.5.2:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.0.11:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.1.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4.2.1:*:*:*:continuous_delivery:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3631",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T18:51:57.975695Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T18:52:08.264Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq:9.3.2.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.5.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.2.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0.11:*:*:*:lts:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "9.3.5.1 CD",
                  "status": "affected",
                  "version": "9.3.2.0 CD",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.4.2.1 CD",
                  "status": "affected",
                  "version": "9.4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.4.0.11 LTS",
                  "status": "affected",
                  "version": "9.4.0.0 LTS",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.3.2.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3.5.2:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.0.11:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.1.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4.2.1:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "9.3.5.2 CD",
                  "status": "affected",
                  "version": "9.3.2.0 CD",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.4.0.11 LTS",
                  "status": "affected",
                  "version": "9.4.0.0 LTS",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.4.2.1 CD",
                  "status": "affected",
                  "version": "9.4.1.0 CD",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."
                }
              ],
              "value": "An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T01:35:24.388Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7238310"
            },
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7237025"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue was addressed under known issue DT435291 .\u003cbr\u003e\u003cbr\u003eIBM MQ version 9.4 LTS\u003cbr\u003e\u003cbr\u003eApply fix pack 9.4.0.12\u003cbr\u003e\u003cbr\u003eIBM MQ version 9.3 CD and 9.4 CD\u003cbr\u003e\u003cbr\u003eUpgrade to IBM MQ version 9.4.3\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eIBM MQ Appliance version 9.3 CD\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eUpgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003cdiv\u003e\u003cdiv\u003eIBM MQ Appliance version 9.4 LTS\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eApply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\u003c/div\u003e\u0026nbsp;\u003cdiv\u003eIBM MQ Appliance version 9.4 CD\u003c/div\u003e\u003cdiv\u003eApply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "This issue was addressed under known issue DT435291 .\n\nIBM MQ version 9.4 LTS\n\nApply fix pack 9.4.0.12\n\nIBM MQ version 9.3 CD and 9.4 CD\n\nUpgrade to IBM MQ version 9.4.3\n\nIBM MQ Appliance version 9.3 CD\n\n\n\n\n\nUpgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\n\n\n\n\n\n\u00a0IBM MQ Appliance version 9.4 LTS\n\nApply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\n\n\u00a0IBM MQ Appliance version 9.4 CD\n\nApply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-3631",
        "datePublished": "2025-07-11T18:37:38.769Z",
        "dateReserved": "2025-04-15T09:48:13.276Z",
        "dateUpdated": "2025-08-18T01:35:24.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-23225 (GCVE-0-2025-23225)

    Vulnerability from cvelistv5 – Published: 2025-02-28 02:23 – Updated: 2025-02-28 16:34
    VLAI
    Title
    IBM MQ denial of service
    Summary
    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-230 - Improper Handling of Missing Values
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23225",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T16:33:52.569307Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T16:34:10.887Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue."
                }
              ],
              "value": "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-230",
                  "description": "CWE-230 Improper Handling of Missing Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-28T02:23:30.753Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7183372"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-23225",
        "datePublished": "2025-02-28T02:23:30.753Z",
        "dateReserved": "2025-01-13T23:41:34.179Z",
        "dateUpdated": "2025-02-28T16:34:10.887Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-54173 (GCVE-0-2024-54173)

    Vulnerability from cvelistv5 – Published: 2025-02-28 02:22 – Updated: 2025-02-28 16:37
    VLAI
    Title
    IBM MQ information disclosure
    Summary
    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1323 - Improper Management of Sensitive Trace Data
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-54173",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T16:35:01.988933Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T16:37:38.519Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled."
                }
              ],
              "value": "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1323",
                  "description": "CWE-1323 Improper Management of Sensitive Trace Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-28T02:22:14.364Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7183370"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-54173",
        "datePublished": "2025-02-28T02:22:14.364Z",
        "dateReserved": "2024-11-30T14:47:41.352Z",
        "dateUpdated": "2025-02-28T16:37:38.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0975 (GCVE-0-2025-0975)

    Vulnerability from cvelistv5 – Published: 2025-02-28 02:20 – Updated: 2026-02-26 18:29
    VLAI
    Title
    IBM MQ code execution
    Summary
    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0975",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-06T04:55:20.576392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:29:06.206Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters."
                }
              ],
              "value": "IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-150",
                  "description": "CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-28T02:20:36.466Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7183467"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ code execution",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-0975",
        "datePublished": "2025-02-28T02:20:36.466Z",
        "dateReserved": "2025-02-02T15:02:19.946Z",
        "dateUpdated": "2026-02-26T18:29:06.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-51471 (GCVE-0-2024-51471)

    Vulnerability from cvelistv5 – Published: 2024-12-19 17:11 – Updated: 2024-12-20 17:55
    VLAI
    Title
    IBM MQ Appliance denial of service
    Summary
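    IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. (The record's CPE list below also names 9.4 continuous_delivery, which this summary and the version string do not; confirm the affected 9.4 streams against the vendor advisory.)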
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
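    CWE
    • CWE-125 - Out-of-bounds Read (from the record's problemTypes; the summary describes data being written outside the buffer, which reads more like an out-of-bounds write than a read)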
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7178243 vendor-advisory
    Impacted products
    Vendor Product Version
    IBM MQ Appliance Affected: 9.3 LTS, 9.3 CD, 9.4 LTS
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51471",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T17:55:02.866568Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T17:55:19.110Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD, 9.4 LTS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eweb console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u00a0web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-19T17:15:25.805Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7178243"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ Appliance denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-51471",
        "datePublished": "2024-12-19T17:11:02.223Z",
        "dateReserved": "2024-10-28T10:50:18.700Z",
        "dateUpdated": "2024-12-20T17:55:19.110Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51470 (GCVE-0-2024-51470)

    Vulnerability from cvelistv5 – Published: 2024-12-18 19:56 – Updated: 2024-12-18 20:24
    VLAI
    Title
    IBM MQ denial of service
    Summary
    IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
        cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*
    IBM MQ Appliance Affected: 9.3 LTS, 9.3 CD, 9.4 LTS
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*
    IBM MQ for HPE NonStop Affected: 8.1.0 , ≤ 8.1.0.25 (semver)
        cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51470",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T20:24:17.133411Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-18T20:24:38.409Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD, 9.4 LTS"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:mq_for_hpe_nonstop:8.1.0.25:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ for HPE NonStop",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.1.0.25",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM MQ\u0026nbsp;9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u0026nbsp;9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u0026nbsp;could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.\u003c/span\u003e"
                }
              ],
              "value": "IBM MQ\u00a09.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u00a09.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u00a0could allow an authenticated user to cause a denial-of-service due to messages with improperly set values."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T19:56:10.377Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7179137"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7178085"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7177593"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-51470",
        "datePublished": "2024-12-18T19:56:10.377Z",
        "dateReserved": "2024-10-28T10:50:18.700Z",
        "dateUpdated": "2024-12-18T20:24:38.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25048 (GCVE-0-2024-25048)

    Vulnerability from cvelistv5 – Published: 2024-04-27 12:07 – Updated: 2024-08-01 23:36
    VLAI
    Title
    IBM MQ code execution
    Summary
    IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Appliance Affected: 9.3 LTS, 9.3 CD
    ibm mq_appliance Affected: 9.3.0.0
        cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:lts:*:*:*
    ibm mq_appliance Affected: 9.3.0.0
        cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:continuous_delivery:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:lts:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mq_appliance",
                "vendor": "ibm",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:continuous_delivery:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mq_appliance",
                "vendor": "ibm",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.0.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25048",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-29T16:28:58.874065Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:35:01.063Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:36:21.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7149481"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283137"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.  IBM X-Force ID:  283137."
                }
              ],
              "value": "IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.  IBM X-Force ID:  283137."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-27T12:07:33.519Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7149481"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283137"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ code execution",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-25048",
        "datePublished": "2024-04-27T12:07:33.519Z",
        "dateReserved": "2024-02-03T14:49:33.094Z",
        "dateUpdated": "2024-08-01T23:36:21.564Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25016 (GCVE-0-2024-25016)

    Vulnerability from cvelistv5 – Published: 2024-03-03 03:09 – Updated: 2024-08-01 23:36
    VLAI
    Title
    IBM MQ denial of service
    Summary
    IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25016",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-05T15:59:06.334619Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:35:38.636Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:36:21.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7123139"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281279"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic.  IBM X-Force ID:  281279."
                }
              ],
              "value": "IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic.  IBM X-Force ID:  281279."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-03T03:09:09.906Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7123139"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281279"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-25016",
        "datePublished": "2024-03-03T03:09:09.906Z",
        "dateReserved": "2024-02-03T14:48:56.576Z",
        "dateUpdated": "2024-08-01T23:36:21.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46177 (GCVE-0-2023-46177)

    Vulnerability from cvelistv5 – Published: 2023-12-18 14:11 – Updated: 2024-08-02 20:37
    VLAI
    Title
    IBM MQ Appliance information disclosure
    Summary
    IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Appliance Affected: 9.3 LTS, 9.3 CD

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:37:39.951Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7091235"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269536"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 LTS, 9.3 CD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system.  An attacker could send a specially crafted URL request to view arbitrary files on the system.  IBM X-Force ID:  269536."
                }
              ],
              "value": "IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system.  An attacker could send a specially crafted URL request to view arbitrary files on the system.  IBM X-Force ID:  269536."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-18T14:11:51.583Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7091235"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269536"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ Appliance information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-46177",
        "datePublished": "2023-12-18T14:11:51.583Z",
        "dateReserved": "2023-10-17T22:30:29.595Z",
        "dateUpdated": "2024-08-02T20:37:39.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46176 (GCVE-0-2023-46176)

    Vulnerability from cvelistv5 – Published: 2023-11-03 00:06 – Updated: 2024-09-04 20:29
    VLAI
    Title
    IBM MQ privilege escalation
    Summary
    IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-424 - Improper Protection of Alternate Path
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Appliance Affected: 9.3 CD

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:37:39.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7060769"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269535"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T20:27:15.963875Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-04T20:29:27.069Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3 CD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys.  IBM X-Force ID:  269535."
                }
              ],
              "value": "IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys.  IBM X-Force ID:  269535."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-424",
                  "description": "CWE-424 Improper Protection of Alternate Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-03T00:06:38.556Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7060769"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269535"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-46176",
        "datePublished": "2023-11-03T00:06:38.556Z",
        "dateReserved": "2023-10-17T22:30:29.595Z",
        "dateUpdated": "2024-09-04T20:29:27.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28513 (GCVE-0-2023-28513)

    Vulnerability from cvelistv5 – Published: 2023-07-19 01:49 – Updated: 2024-10-21 15:35
    VLAI
    Title
    IBM MQ denial of service
    Summary
    IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, 9.3 CD
    IBM MQ Appliance Affected: 9.2 LTS, 9.3 LTS, 9.2 CD, 9.2 LTS

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:43:23.049Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7007421"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7007731"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250397"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28513",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-21T15:34:38.689370Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-21T15:35:56.231Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, 9.3 CD"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MQ Appliance",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.2 LTS, 9.3 LTS, 9.2 CD, 9.2 LTS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages.  IBM X-Force ID:  250397."
                }
              ],
              "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages.  IBM X-Force ID:  250397."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-19T01:49:14.604Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7007421"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7007731"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250397"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-28513",
        "datePublished": "2023-07-19T01:49:14.604Z",
        "dateReserved": "2023-03-16T21:05:38.974Z",
        "dateUpdated": "2024-10-21T15:35:56.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-26285 (GCVE-0-2023-26285)

    Vulnerability from cvelistv5 – Published: 2023-05-05 15:16 – Updated: 2025-01-29 16:25
    VLAI
    Title
    IBM MQ denial of service
    Summary
    IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.2 CD, 9.2 LTS, 9.3 CD, 9.3 LTS

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:46:23.509Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6986563"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248418"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26285",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:20:56.928957Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-29T16:25:29.267Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.2 CD, 9.2 LTS, 9.3 CD, 9.3 LTS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data.  IBM X-Force ID:  248418."
                }
              ],
              "value": "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data.  IBM X-Force ID:  248418."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-05T15:16:00.291Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6986563"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248418"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-26285",
        "datePublished": "2023-05-05T15:16:00.291Z",
        "dateReserved": "2023-02-21T13:55:50.151Z",
        "dateUpdated": "2025-01-29T16:25:29.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22874 (GCVE-0-2023-22874)

    Vulnerability from cvelistv5 – Published: 2023-05-05 14:57 – Updated: 2025-01-29 16:54
    VLAI
    Title
    IBM MQ denial of service
    Summary
    IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-703 - Improper Check or Handling of Exceptional Conditions
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.2 CD, 9.3 CD, and 9.3 LTS

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:31.017Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6985901"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244216"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22874",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:54:48.717705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-29T16:54:55.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.2 CD, 9.3 CD, and 9.3 LTS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files.  IBM X-Force ID:  244216."
                }
              ],
              "value": "IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files.  IBM X-Force ID:  244216."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "703 Improper Check or Handling of Exceptional Conditions",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-05T14:57:23.735Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6985901"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244216"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-22874",
        "datePublished": "2023-05-05T14:57:23.735Z",
        "dateReserved": "2023-01-09T15:16:49.250Z",
        "dateUpdated": "2025-01-29T16:54:55.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43919 (GCVE-0-2022-43919)

    Vulnerability from cvelistv5 – Published: 2023-05-05 14:24 – Updated: 2025-01-29 16:55
    VLAI
    Title
    IBM MQ denial of service
    Summary
    IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.2 CD, 9.2 LTS, 9.3 CD, 9.3 LTS

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:40:06.734Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6986559"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241354"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43919",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:55:29.815686Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-29T16:55:41.956Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.2 CD, 9.2 LTS, 9.3 CD, 9.3 LTS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service.  IBM X-Force ID:  241354."
                }
              ],
              "value": "IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service.  IBM X-Force ID:  241354."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-05T14:24:44.592Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6986559"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241354"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-43919",
        "datePublished": "2023-05-05T14:24:44.592Z",
        "dateReserved": "2022-10-26T15:46:22.847Z",
        "dateUpdated": "2025-01-29T16:55:41.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }