Every CVE whose affected-product data names Ibm Websphere Mq, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (89)
CVE-2009-0896 — CVSS 10.0 (critical): Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 allows remote attackers to execute…
CVE-2007-6044 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving "memory corruption."…
CVE-2020-4682 — CVSS 9.8 (critical): IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe…
CVE-2018-1998 — CVSS 8.8 (high): IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to…
CVE-2009-3160 — CVSS 8.8 (high): IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is…
CVE-2018-1792 — CVSS 8.8 (high): IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject…
CVE-2017-1145 — CVSS 8.6 (high): IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a…
CVE-2017-1337 — CVSS 8.1 (high): IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.
CVE-2019-4078 — CVSS 7.8 (high): IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an…
CVE-2009-3159 — CVSS 7.8 (high): Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7.0.0.2 allows remote attackers to cause…
CVE-2017-1612 — CVSS 7.8 (high): IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID…
CVE-2009-3161 — CVSS 7.8 (high): The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have…
CVE-2012-2201 — CVSS 7.5 (high): IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this…
CVE-2018-1388 — CVSS 7.5 (high): GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212.
CVE-2020-4310 — CVSS 7.5 (high): IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the…
CVE-2016-0260 — CVSS 7.5 (high): Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap…
CVE-2018-1974 — CVSS 7.5 (high): IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM…
CVE-2009-0439 — CVSS 7.2 (high): Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users…
CVE-2017-1760 — CVSS 7.1 (high): IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information…
CVE-2011-0310 — CVSS 6.8 (medium): Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service…
CVE-2012-3294 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and…
CVE-2008-1130 — CVSS 6.6 (medium): Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access…
CVE-2016-8986 — CVSS 6.5 (medium): IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted…
CVE-2017-1433 — CVSS 6.5 (medium): IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which…
CVE-2018-1371 — CVSS 6.5 (medium): An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process…
CVE-2019-4656 — CVSS 6.5 (medium): IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an…
CVE-2011-0314 — CVSS 6.5 (medium): Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute…
CVE-2019-4261 — CVSS 6.5 (medium): IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack…
CVE-2019-4141 — CVSS 6.5 (medium): IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a…
CVE-2014-4793 — CVSS 6.5 (medium): IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances…
CVE-2016-3013 — CVSS 6.5 (medium): IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #…
CVE-2016-8915 — CVSS 6.5 (medium): IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels…
CVE-2016-8971 — CVSS 6.5 (medium): IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in…
CVE-2017-1285 — CVSS 6.5 (medium): IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a…
CVE-2017-1235 — CVSS 6.5 (medium): IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could…
CVE-2017-1236 — CVSS 6.5 (medium): IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status…
CVE-2018-1925 — CVSS 5.9 (medium): IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly…
CVE-2018-1543 — CVSS 5.9 (medium): IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the…
CVE-2016-3052 — CVSS 5.9 (medium): Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted…
CVE-2021-38949 — CVSS 5.5 (medium): IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force…
CVE-2016-6089 — CVSS 5.5 (medium): IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access…
CVE-2019-4719 — CVSS 5.5 (medium): IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by…
CVE-2019-4619 — CVSS 5.5 (medium): IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by…
CVE-2019-4039 — CVSS 5.5 (medium): IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the…
CVE-2017-1786 — CVSS 5.3 (medium): IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all…
CVE-2017-1747 — CVSS 5.3 (medium): A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4…
CVE-2015-1957 — CVSS 5.3 (medium): IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a…
CVE-2018-1684 — CVSS 5.3 (medium): IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM…
CVE-2017-1117 — CVSS 5.3 (medium): IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM…
CVE-2018-1374 — CVSS 5.3 (medium): An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4)…
CVE-2015-2013 — CVSS 5.0 (medium): IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a…
CVE-2012-2199 — CVSS 5.0 (medium): The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris…
CVE-2017-1284 — CVSS 4.7 (medium): IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from…
CVE-2013-3028 — CVSS 4.6 (medium): Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on…
CVE-2008-1592 — CVSS 4.6 (medium): MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for…
CVE-2015-7462 — CVSS 4.4 (medium): IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output…
CVE-2017-1283 — CVSS 4.3 (medium): IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which…
CVE-2010-0780 — CVSS 4.3 (medium): IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection…
CVE-2010-0782 — CVSS 4.3 (medium): IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or…
CVE-2010-2637 — CVSS 4.3 (medium): IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field…
CVE-2011-1224 — CVSS 4.3 (medium): IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which…
CVE-2012-3295 — CVSS 4.3 (medium): IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain…
CVE-2013-4054 — CVSS 4.3 (medium): Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files…
CVE-2014-0911 — CVSS 4.3 (medium): inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU…
CVE-2014-6116 — CVSS 4.3 (medium): The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the…
CVE-2015-0176 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote…
CVE-2015-1967 — CVSS 4.3 (medium): MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the absence of the compatibility-mode option, which allows remote…
CVE-2017-1557 — CVSS 4.3 (medium): IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a…
CVE-2018-1503 — CVSS 4.3 (medium): IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to to send invalid or malformed headers that could cause…
CVE-2009-0900 — CVSS 4.1 (medium): Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain…
CVE-2015-0189 — CVSS 4.0 (medium): The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to…
CVE-2015-2012 — CVSS 4.0 (medium): The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable…
CVE-2010-0772 — CVSS 4.0 (medium): Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remote authenticated users to cause a denial…
CVE-2010-2638 — CVSS 4.0 (medium): Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk…
CVE-2018-1419 — CVSS 3.7 (low): IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ…
CVE-2017-1341 — CVSS 3.7 (low): IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been…
CVE-2014-4771 — CVSS 3.5 (low): IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to…
CVE-2012-2206 — CVSS 3.5 (low): The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of…
CVE-2017-1699 — CVSS 3.3 (low): IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this…
CVE-2007-6705 — CVSS 3.3 (low): The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the…
CVE-2016-0379 — CVSS 3.1 (low): IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a…
CVE-2018-1551 — CVSS 3.1 (low): IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an…
CVE-2016-9009 — CVSS 3.1 (low): IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ…
CVE-2015-7473 — CVSS 2.5 (low): runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by…
CVE-2016-0259 — CVSS 2.5 (low): runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive…
CVE-2011-1378 — CVSS 1.9 (low): IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File…
CVE-2014-4822 — CVSS 1.9 (low): IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow…
CVE-2009-0905 — CVSS 1.7 (low): IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain…