IBM MQ
48 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-1713
>= 9.3.0.0 and < 9.4.5.0
IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.
5.0
MEDIUM
CVE-2025-36128
all versions
IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout
7.5
HIGH
CVE-2025-36100
>= 9.3.0.0 and <= 9.3.5.1
IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD
5.1
MEDIUM
CVE-2025-0985
all versions
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obta
5.5
MEDIUM
CVE-2024-54175
all versions
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for u
5.5
MEDIUM
CVE-2024-52898
>= 9.3.0 and <= 9.4.1.1
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed t
6.2
MEDIUM
CVE-2024-52897
>= 9.3.0 and < 9.4.1
IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information whe
6.2
MEDIUM
CVE-2024-52896
>= 9.3.0 and < 9.4.1.1
IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information whe
6.2
MEDIUM
CVE-2024-35156
>= 9.3.0.0 and < 9.4.0.0
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is
6.5
MEDIUM
CVE-2024-35116
>= 9.3.0.0 and < 9.4.0.0
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying conf
5.9
MEDIUM
CVE-2024-35155
all versions
IBM MQ Console 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed tec
6.5
MEDIUM
CVE-2024-31919
all versions
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack cause
5.9
MEDIUM
CVE-2024-31912
all versions
IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incor
7.5
HIGH
CVE-2024-25015
>= 9.3.0 and < 9.3.5
IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requ
7.5
HIGH
CVE-2023-45177
>= 9.3.0 and < 9.3.4
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clu
5.3
MEDIUM
CVE-2024-25016
>= 9.0.0.0 and < 9.0.0.23
IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of s
7.5
HIGH
CVE-2023-28513
all versions
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under ce
5.9
MEDIUM
CVE-2023-28950
all versions
IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enab
5.1
MEDIUM
CVE-2023-28514
all versions
IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error messa
6.2
MEDIUM
CVE-2022-42436
all versions
IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagn
4.0
MEDIUM
CVE-2022-31772
all versions
IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of se
5.3
MEDIUM
CVE-2022-22489
all versions
IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when process
9.1
CRITICAL
CVE-2022-22321
>= 9.2.0 and < 9.2.5
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users are stored with a password hash that provides insufficient protection. IBM X
5.5
MEDIUM
CVE-2021-38986
>= 9.2.0 and < 9.2.5
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonat
5.4
MEDIUM
CVE-2021-39034
>= 9.1.0.0 and <= 9.1.0.9
IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964.
7.5
HIGH
CVE-2021-38875
all versions
IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processin
6.5
MEDIUM
CVE-2021-38949
>= 8.0.0.0 and < 8.0.0.14
IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X
5.5
MEDIUM
CVE-2020-4931
all versions
IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue p
6.5
MEDIUM
CVE-2020-4682
all versions
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an
9.8
CRITICAL
CVE-2020-4870
all versions
IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Fo
7.5
HIGH
CVE-2020-4320
>= 8.0.0.0 and < 8.0.0.15
IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the c
6.5
MEDIUM
CVE-2020-4310
>= 8.0.0.0 and < 8.0.0.15
IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD are vulnerable to a denial of service attack due to an error wi
7.5
HIGH
CVE-2020-4267
>= 8.0.0.0 and < 8.0.0.14
IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user to cause a denial of service due to a memory leak.
6.5
MEDIUM
CVE-2020-4338
>= 9.1.0 and < 9.1.5
IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM
5.5
MEDIUM
CVE-2019-4762
>= 9.1.0 and < 9.1.5
IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function. IBM X-Force ID:
7.5
HIGH
CVE-2019-4719
>= 8.0.0.0 and < 8.0.0.14
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive informati
5.5
MEDIUM
CVE-2019-4656
>= 8.0.0.0 and < 8.0.0.14
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would all
6.5
MEDIUM
CVE-2019-4619
>= 8.0.0.0 and < 8.0.0.14
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive informati
5.5
MEDIUM
CVE-2019-4614
>= 8.0.0.0 and < 8.0.0.14
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by
6.5
MEDIUM
CVE-2019-4568
>= 8.0.0.0 and < 8.0.0.14
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial
5.9
MEDIUM
CVE-2019-4655
>= 9.1.0 and < 9.1.4
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an
4.3
MEDIUM
CVE-2019-4227
>= 8.0.0.4 and <= 8.0.0.12
IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user
7.3
HIGH
CVE-2019-4378
>= 7.1.0.0 and <= 7.1.0.9
IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command s
6.5
MEDIUM
CVE-2019-4049
>= 9.1.0 and <= 9.1.1
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the dis
5.5
MEDIUM
CVE-2019-4261
>= 8.0.0.0 and <= 8.0.0.11
IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0 LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service a
6.5
MEDIUM
CVE-2019-4055
>= 8.0.0.0 and <= 8.0.0.10
IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack wi
7.5
HIGH
CVE-2018-1836
>= 9.0.2 and <= 9.0.5
IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 console is vulnerable to cross-site scripting. This vulnerabilit
5.4
MEDIUM
CVE-2018-1883
>= 9.0.2 and <= 9.0.5
A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API could allow attackers to execute a denial of
5.3
MEDIUM
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin