IBM MQ
83 CVEs affecting IBM MQ. Latest disclosed: 2026-03-03. Critical: 0, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-0975 | High | 8.8 | 2025-02-28 | IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters. |
| CVE-2018-1998 | High | 8.8 | 2019-03-11 | IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix fo… |
| CVE-2018-1792 | High | 8.8 | 2018-11-13 | IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be exec… |
| CVE-2022-22489 | High | 8.2 | 2022-08-19 | IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attack… |
| CVE-2020-4682 | High | 8.1 | 2021-01-28 | IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of tr… |
| CVE-2017-1337 | High | 8.1 | 2017-07-10 | IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245. |
| CVE-2025-36128 | High | 7.5 | 2025-10-16 | IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations… |
| CVE-2024-40681 | High | 7.5 | 2024-09-07 | IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions… |
| CVE-2024-31912 | High | 7.5 | 2024-06-28 | IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. I… |
| CVE-2024-25015 | High | 7.5 | 2024-05-01 | IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all a… |
| CVE-2024-25016 | High | 7.5 | 2024-03-03 | IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffe… |
| CVE-2019-4055 | High | 7.5 | 2019-04-19 | IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiatio… |
| CVE-2018-1974 | High | 7.5 | 2019-03-11 | IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915. |
| CVE-2019-4078 | High | 7.4 | 2019-05-23 | IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect… |
| CVE-2017-1760 | High | 7.1 | 2017-12-11 | IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 1264… |
| CVE-2025-3631 | Medium | 6.5 | 2025-07-11 | An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. |
| CVE-2025-23225 | Medium | 6.5 | 2025-02-28 | IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent… |
| CVE-2024-51470 | Medium | 6.5 | 2024-12-18 | IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could a… |
| CVE-2024-35156 | Medium | 6.5 | 2024-06-28 | IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Th… |
| CVE-2024-35155 | Medium | 6.5 | 2024-06-28 | IBM MQ Console 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is retur… |