Ibm: >> Websphere Mq >> 7.0 Security Vulnerabilities
IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.
CVSS Score
6.5
EPSS Score
0.005
Published
2017-02-22
Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques.
CVSS Score
5.9
EPSS Score
0.002
Published
2017-02-22
Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URI that is included in an error response.
CVSS Score
4.3
EPSS Score
0.002
Published
2015-04-27
Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via unspecified vectors.
CVSS Score
4.6
EPSS Score
0.001
Published
2013-07-02
The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.
CVSS Score
3.5
EPSS Score
0.077
Published
2012-08-17
Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.
CVSS Score
6.8
EPSS Score
0.003
Published
2012-08-17
Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file.
CVSS Score
4.1
EPSS Score
0.0
Published
2011-10-30
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
CVSS Score
1.7
EPSS Score
0.0
Published
2011-10-30
IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager.
CVSS Score
4.3
EPSS Score
0.006
Published
2011-10-29
IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application.
CVSS Score
4.3
EPSS Score
0.001
Published
2011-07-07
Page 1