IBM MQ 9.1.0.0 LTS Edition

CPE Details

IBM MQ 9.1.0.0 LTS Edition
ibm
mq
9.1.0.0
2019-09-10
10h59 +00:00
2019-09-10
10h59 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*

Informations

Vendor

ibm

Product

mq

Version

9.1.0.0

Software Edition

lts

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-35116 2024-06-28 18h20 +00:00 IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.
7.5
High
CVE-2024-31919 2024-06-28 17h34 +00:00 IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259.
7.5
High
CVE-2023-28513 2023-07-19 01h49 +00:00 IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.
7.5
High
CVE-2023-28950 2023-05-19 15h20 +00:00 IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.
5.5
Medium
CVE-2023-28514 2023-05-19 14h43 +00:00 IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.
6.2
Medium
CVE-2022-42436 2023-02-08 19h28 +00:00 IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.
4
Medium
CVE-2022-31772 2022-11-11 18h56 +00:00 IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335.
6.5
Medium
CVE-2022-22489 2022-08-19 18h50 +00:00 IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339.
9.1
Critical
CVE-2021-39034 2022-02-17 16h30 +00:00 IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964.
7.5
High
CVE-2021-38875 2021-11-23 19h15 +00:00 IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398.
6.5
Medium
CVE-2021-38949 2021-11-16 16h55 +00:00 IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.
5.5
Medium
CVE-2020-4931 2021-02-24 17h20 +00:00 IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.
6.5
Medium
CVE-2020-4682 2021-01-28 12h55 +00:00 IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
9.8
Critical
CVE-2020-4320 2020-06-16 13h45 +00:00 IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.
6.5
Medium
CVE-2020-4310 2020-06-16 13h45 +00:00 IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.
7.5
High
CVE-2020-4267 2020-04-24 15h50 +00:00 IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840.
6.5
Medium
CVE-2019-4762 2020-04-16 15h35 +00:00 IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function. IBM X-Force ID: 173625.
7.5
High
CVE-2019-4719 2020-03-16 15h25 +00:00 IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.
5.5
Medium
CVE-2019-4656 2020-03-16 15h25 +00:00 IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.
6.5
Medium
CVE-2019-4619 2020-03-16 15h25 +00:00 IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.
5.5
Medium
CVE-2019-4614 2020-01-28 18h30 +00:00 IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639.
6.5
Medium
CVE-2019-4655 2019-12-30 15h35 +00:00 IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966.
4.3
Medium
CVE-2019-4227 2019-10-04 14h05 +00:00 IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.
7.3
High
CVE-2019-4378 2019-09-26 15h05 +00:00 IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084.
6.5
Medium
CVE-2019-4049 2019-08-20 18h25 +00:00 IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.
5.5
Medium
CVE-2019-4261 2019-08-05 13h40 +00:00 IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.
6.5
Medium
CVE-2019-4055 2019-04-19 16h20 +00:00 IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564.
7.5
High
CVE-2018-1836 2019-03-19 13h50 +00:00 IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150661.
5.4
Medium
CVE-2018-1883 2018-12-07 16h00 +00:00 A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969.
7.5
High