Ibm: >> Websphere Mq >> 7.0.1.10 Security Vulnerabilities
GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-02-07
IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-01-09
IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.
CVSS Score
6.5
EPSS Score
0.005
Published
2017-02-22
Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques.
CVSS Score
5.9
EPSS Score
0.002
Published
2017-02-22
IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call.
CVSS Score
5.0
EPSS Score
0.006
Published
2015-09-14
Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URI that is included in an error response.
CVSS Score
4.3
EPSS Score
0.002
Published
2015-04-27
IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by leveraging PCF query privileges for a crafted query.
CVSS Score
3.5
EPSS Score
0.004
Published
2015-02-13
Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via unspecified vectors.
CVSS Score
4.6
EPSS Score
0.001
Published
2013-07-02