Ibm Mq Appliance
34 CVEs affecting Ibm Mq Appliance. Latest disclosed: 2026-03-03. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-1318 | High | 8.8 | 2017-07-18 | IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM… |
CVE-2019-4620 | High | 8.4 | 2020-01-28 | IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-For… |
CVE-2019-4294 | High | 8.4 | 2019-08-20 | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1… |
CVE-2021-38967 | High | 8.2 | 2021-11-30 | IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441. |
CVE-2024-25048 | High | 7.5 | 2024-04-27 | IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overf… |
CVE-2023-46176 | Medium | 6.7 | 2023-11-03 | IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID… |
CVE-2025-3631 | Medium | 6.5 | 2025-07-11 | An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. |
CVE-2024-51470 | Medium | 6.5 | 2024-12-18 | IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could a… |
CVE-2023-46177 | Medium | 6.5 | 2023-12-18 | IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL reques… |
CVE-2020-4931 | Medium | 6.5 | 2021-02-24 | IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-For… |
CVE-2018-1652 | Medium | 6.2 | 2018-12-11 | IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0… |
CVE-2023-28513 | Medium | 5.9 | 2023-07-19 | IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vuln… |
CVE-2021-39000 | Medium | 5.9 | 2021-11-30 | IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force… |
CVE-2020-4870 | Medium | 5.9 | 2020-12-21 | IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833. |
CVE-2020-4375 | Medium | 5.9 | 2020-07-28 | IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by a… |
CVE-2021-38986 | Medium | 5.6 | 2022-03-01 | IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system… |
CVE-2018-1429 | Medium | 5.4 | 2018-03-23 | IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in th… |
CVE-2024-51471 | Medium | 5.3 | 2024-12-19 | IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to informati… |
CVE-2022-22356 | Medium | 5.3 | 2022-04-05 | IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attemp… |
CVE-2022-22355 | Medium | 5.3 | 2022-04-05 | IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a dr… |