Product
ibm mq appliance
48 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-14456
>= 9.4.4.0 and < 9.4.5.0
IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1
5.9
MEDIUM
CVE-2025-3631
>= 9.3.2 and <= 9.3.5.2
An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.
6.5
MEDIUM
CVE-2025-23225
<= 9.4.2
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper han
6.5
MEDIUM
CVE-2025-0975
>= 9.3.0 and <= 9.4.2
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralizati
8.8
HIGH
CVE-2024-54173
< 9.4.2
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local
4.7
MEDIUM
CVE-2024-51471
>= 9.3.0.0 and <= 9.4.0.7
IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when tra
5.3
MEDIUM
CVE-2024-51470
>= 9.4.0.0 and < 9.4.0.7
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop
6.5
MEDIUM
CVE-2024-25048
>= 9.3.0.0 and < 9.3.5
IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authe
7.5
HIGH
CVE-2024-25016
>= 9.3.0.0 and <= 9.3.5.0
IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of s
7.5
HIGH
CVE-2023-46177
all versions
IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a
6.5
MEDIUM
CVE-2023-46176
all versions
IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of s
6.7
MEDIUM
CVE-2023-28513
all versions
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under ce
5.9
MEDIUM
CVE-2023-26285
>= 9.2.0.0 and < 9.2.5.7
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing
5.9
MEDIUM
CVE-2023-22874
>= 9.2.0.0 and < 9.3.2
IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM
5.5
MEDIUM
CVE-2022-43919
>= 9.2.0.0 and < 9.2.5.7
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a
5.3
MEDIUM
CVE-2022-43902
>= 9.2.0.0 and < 9.2.5
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC me
6.5
MEDIUM
CVE-2022-40230
all versions
"IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated
6.5
MEDIUM
CVE-2022-22356
all versions
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in v
6.5
MEDIUM
CVE-2022-22355
all versions
IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could al
5.3
MEDIUM
CVE-2022-22316
>= 9.2.0.0 and < 9.2.5
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrect
6.5
MEDIUM
CVE-2021-39000
all versions
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data wi
5.5
MEDIUM
CVE-2021-38999
all versions
IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace.
5.5
MEDIUM
CVE-2021-38967
all versions
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 2124
6.7
MEDIUM
CVE-2021-38958
all versions
IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 21204
5.5
MEDIUM
CVE-2021-29843
>= 9.1.0.0 and < 9.2.3
IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2 CD is vulnerable to a denial of service attack caused by an issue processing message prope
6.5
MEDIUM
CVE-2020-4938
>= 9.1 and < 9.2.2
IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and un
8.8
HIGH
CVE-2020-4682
all versions
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an
9.8
CRITICAL
CVE-2020-4869
all versions
IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could sen
6.5
MEDIUM
CVE-2020-4592
all versions
IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attac
6.5
MEDIUM
CVE-2020-4465
>= 8.0 and < 8.0.0.15
IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due
6.5
MEDIUM
CVE-2020-4375
>= 8.0 and < 8.0.0.15
IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due
7.5
HIGH
CVE-2020-4319
>= 8.0 and < 8.0.0.15
IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenti
4.3
MEDIUM
CVE-2019-4731
all versions
IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data withi
5.5
MEDIUM
CVE-2020-4498
>= 9.1.0.0 and < 9.2.0.0
IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitive information due to inclusion of
4.4
MEDIUM
CVE-2020-4267
>= 9.1.0 and < 9.1.5
IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user to cause a denial of service due to a memory leak.
6.5
MEDIUM
CVE-2019-4719
>= 8.0.0.0 and < 8.0.0.14
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive informati
5.5
MEDIUM
CVE-2019-4656
>= 8.0.0.0 and < 8.0.0.14
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would all
6.5
MEDIUM
CVE-2019-4619
>= 8.0.0.0 and < 8.0.0.14
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive informati
5.5
MEDIUM
CVE-2019-4620
>= 8.0.0.0 and < 8.0.0.14
IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of env
7.8
HIGH
CVE-2019-4614
>= 8.0.0.0 and < 8.0.0.14
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by
6.5
MEDIUM
CVE-2019-4568
>= 8.0.0.0 and < 8.0.0.14
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial
5.9
MEDIUM
CVE-2019-4655
>= 9.1.0 and < 9.1.4
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an
4.3
MEDIUM
CVE-2019-4560
>= 8.0.0.0 and < 8.0.0.13
IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels proce
6.5
MEDIUM
CVE-2019-4294
>= 8.0.0.0 and <= 8.0.0.12
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0
7.8
HIGH
CVE-2019-4055
>= 8.0.0.0 and <= 8.0.0.10
IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack wi
7.5
HIGH
CVE-2018-1652
>= 8.0.0.0 and <= 8.0.0.8
IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2
6.2
MEDIUM
CVE-2018-1429
all versions
IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, and 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed ar
5.4
MEDIUM
CVE-2017-1318
all versions
IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, cau
8.8
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin