This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Ibm First view 2007-11-20
Product Websphere Mq Last view 2020-06-16
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:* 37
cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:* 36
cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:* 36
cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:* 35
cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:* 35
cpe:2.3:a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:* 34
cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:* 33
cpe:2.3:a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:* 33
cpe:2.3:a:ibm:websphere_mq:7.5:*:*:*:*:*:*:* 33
cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:* 33
cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:* 33
cpe:2.3:a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:* 32
cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:* 32
cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:* 32
cpe:2.3:a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:* 31
cpe:2.3:a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:* 31
cpe:2.3:a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:* 31
cpe:2.3:a:ibm:websphere_mq:7.0.1.4:*:*:*:*:*:*:* 30
cpe:2.3:a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:* 30
cpe:2.3:a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:* 30
cpe:2.3:a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:* 30
cpe:2.3:a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:* 30
cpe:2.3:a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:* 29
cpe:2.3:a:ibm:websphere_mq:6.0.2.6:*:*:*:*:*:*:* 29
cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:* 29
cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:* 29
cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:* 28
cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:* 28
cpe:2.3:a:ibm:websphere_mq:6.0.2.7:*:*:*:*:*:*:* 27
cpe:2.3:a:ibm:websphere_mq:7.1:*:*:*:*:*:*:* 27
cpe:2.3:a:ibm:websphere_mq:7.0.1.7:*:*:*:*:*:*:* 27
cpe:2.3:a:ibm:websphere_mq:7.0.1.6:*:*:*:*:*:*:* 27
cpe:2.3:a:ibm:websphere_mq:7.0.1.5:*:*:*:*:*:*:* 27
cpe:2.3:a:ibm:websphere_mq:7.0.1.8:*:*:*:*:*:*:* 27
cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:* 27
cpe:2.3:a:ibm:websphere_mq:6.0.0.0:*:*:*:*:*:*:* 26
cpe:2.3:a:ibm:websphere_mq:7.0.1.9:*:*:*:*:*:*:* 26
cpe:2.3:a:ibm:websphere_mq:7.0.1.10:*:*:*:*:*:*:* 26
cpe:2.3:a:ibm:websphere_mq:6.0.2.8:*:*:*:*:*:*:* 25
cpe:2.3:a:ibm:websphere_mq:6.0.2.10:*:*:*:*:*:*:* 25
cpe:2.3:a:ibm:websphere_mq:5.3:*:*:*:*:*:*:* 25
cpe:2.3:a:ibm:websphere_mq:7.1.0.2:*:*:*:*:*:*:* 25
cpe:2.3:a:ibm:websphere_mq:7.1.0.1:*:*:*:*:*:*:* 25
cpe:2.3:a:ibm:websphere_mq:7.1.0.4:*:*:*:*:*:*:* 25
cpe:2.3:a:ibm:websphere_mq:7.1.0.3:*:*:*:*:*:*:* 25
cpe:2.3:a:ibm:websphere_mq:7.0.1.12:*:*:*:*:*:*:* 25
cpe:2.3:a:ibm:websphere_mq:7.0.1.11:*:*:*:*:*:*:* 25
cpe:2.3:a:ibm:websphere_mq:6.0.2.9:*:*:*:*:*:*:* 24
cpe:2.3:a:ibm:websphere_mq:5.3.1:*:*:*:*:*:*:* 24
cpe:2.3:a:ibm:websphere_mq:6:*:*:*:*:*:*:* 24

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2020-06-16 CVE-2020-4310

IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.

5.5 2020-03-16 CVE-2019-4719

IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.

6.5 2020-03-16 CVE-2019-4656

IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.

5.5 2020-03-16 CVE-2019-4619

IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.

6.5 2020-01-23 CVE-2012-4863

IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability

6.5 2019-09-27 CVE-2019-4141

IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337.

6.5 2019-08-05 CVE-2019-4261

IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.

7.8 2019-05-23 CVE-2019-4078

IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190.

5.5 2019-05-23 CVE-2019-4039

IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.

5.9 2019-04-15 CVE-2018-1925

IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925.

7.8 2019-03-11 CVE-2018-1998

IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.

7.5 2019-03-11 CVE-2018-1974

IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915.

7.8 2018-11-13 CVE-2018-1792

IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.

6.5 2018-11-08 CVE-2018-1684

IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456.

7.5 2018-08-06 CVE-2018-1551

IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.

4.3 2018-07-23 CVE-2018-1503

IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM X-Force ID: 141339.

5.9 2018-06-27 CVE-2018-1543

IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598.

6.5 2018-06-26 CVE-2018-1374

An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775.

5.3 2018-06-15 CVE-2018-1419

IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.

5.3 2018-04-23 CVE-2017-1786

IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.

6.5 2018-04-17 CVE-2018-1371

An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. IBM X-Force ID: 137771.

5.3 2018-04-10 CVE-2015-1957

IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482.

6.5 2018-03-30 CVE-2017-1747

A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520.

7.5 2018-02-07 CVE-2018-1388

GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212.

7.8 2018-01-09 CVE-2017-1612

IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.

CWE : Common Weakness Enumeration

%idName
13% (10) CWE-264 Permissions, Privileges, and Access Controls
13% (10) CWE-200 Information Exposure
13% (10) CWE-20 Improper Input Validation
11% (8) CWE-399 Resource Management Errors
8% (6) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
5% (4) CWE-284 Access Control (Authorization) Issues
4% (3) CWE-255 Credentials Management
2% (2) CWE-772 Missing Release of Resource after Effective Lifetime
2% (2) CWE-732 Incorrect Permission Assignment for Critical Resource
2% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (2) CWE-287 Improper Authentication
2% (2) CWE-19 Data Handling
1% (1) CWE-532 Information Leak Through Log Files
1% (1) CWE-522 Insufficiently Protected Credentials
1% (1) CWE-404 Improper Resource Shutdown or Release
1% (1) CWE-352 Cross-Site Request Forgery (CSRF)
1% (1) CWE-326 Inadequate Encryption Strength
1% (1) CWE-310 Cryptographic Issues
1% (1) CWE-295 Certificate Issues
1% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
1% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-234 Hijacking a privileged process

Open Source Vulnerability Database (OSVDB)

id Description
77174 IBM WebSphere MQ Control Command Local Access Restriction Bypass
76970 IBM WebSphere MQ Stopped Queue Manager Connection Saturation Remote DoS
76874 IBM WebSphere MQ SSL Information Client Channel Definition Table (CCDT) File ...
76873 IBM WebSphere MQ Long Group Name Parsing Local Privilege Escalation
73704 IBM WebSphere MQ CDP Certificate Extension Revoked Certificate MiTM SSL Partn...
70476 IBM WebSphere MQ Crafted Message Header Field Remote Overflow
70385 IBM WebSphere MQ Invalid Queue Message Overflow
69252 IBM WebSphere MQ Unspecified Disk Consumption Remote DoS
69229 IBM WebSphere MQ Security Parameters Field Cleartext Credentials Weakness
68754 IBM WebSphere MQ X.509 Certificate Crafted Subject Distinguished Name (DN) Sp...
64122 IBM WebSphere MQ Channel Process Incorrect Control Data Remote DoS
57841 IBM WebSphere MQ Malformed Data Handling Remote DoS
57840 IBM WebSphere MQ Asynchronous Consume / readahead Functionality Unspecified M...
57839 IBM WebSphere MQ rriDecompress Unspecified Remote DoS
55061 IBM WebSphere MQ Queue Manager Crafted Request Remote Overflow
52297 IBM WebSphere MQ (WMQ) Queue Manager Multiple Authorization Command Local Pri...
45302 IBM WebSphere MQ Multiple Unspecified Remote Issues
44687 IBM WebSphere MQ MQSeries runmqsc Access Restriction Bypass
43167 IBM WebSphere MQ XA PROCESS_DUP_HANDLE Arbitrary Process Hijacking Local Priv...
42362 IBM WebSphere SVRCONN MQ Client Queue Manager Security Bypass

Nessus® Vulnerability Scanner

id Description
2017-12-07 Name: A message queuing service installed on the remote host is affected by multipl...
File: websphere_mq_swg22005525.nasl - Type: ACT_GATHER_INFO
2017-07-20 Name: A message queuing service installed on the remote host is affected by multipl...
File: websphere_mq_swg22003851.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: A message queuing application installed on the remote Windows host is affecte...
File: websphere_mq_8003.nasl - Type: ACT_GATHER_INFO
2017-03-03 Name: A message queuing service installed on the remote host is affected by multipl...
File: websphere_mq_swg21983457.nasl - Type: ACT_GATHER_INFO
2015-05-15 Name: The remote Windows host has a service installed that is affected by a cross-s...
File: websphere_mq_swg21699549.nasl - Type: ACT_GATHER_INFO
2015-05-08 Name: The remote Windows host has a service installed that is affected by a denial ...
File: websphere_mq_swg21696120.nasl - Type: ACT_GATHER_INFO
2014-05-19 Name: The remote Windows host has a service installed that is affected by multiple ...
File: websphere_mq_7503.nasl - Type: ACT_GATHER_INFO
2012-11-29 Name: The remote Windows host has a service installed that is affected by multiple ...
File: websphere_mq_7100_7102.nasl - Type: ACT_GATHER_INFO
2012-11-16 Name: The remote Windows host has a service installed that does not encrypt usernam...
File: websphere_mq_6029_7011.nasl - Type: ACT_GATHER_INFO
2012-09-17 Name: The remote Windows host has a service installed that is affected by a securit...
File: websphere_mq_7101.nasl - Type: ACT_GATHER_INFO
2012-01-27 Name: The remote Windows host has a service installed that is affected by a remote ...
File: websphere_mq_6027_7010.nasl - Type: ACT_GATHER_INFO
2012-01-27 Name: The remote Windows host has a service installed that is affected by a privile...
File: websphere_mq_client_6027_7010.nasl - Type: ACT_GATHER_INFO