) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2016-3052 |
Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques. Published: February 22, 2017; 2:59:00 PM -0500 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-3013 |
IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661. Published: February 22, 2017; 2:59:00 PM -0500 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2015-0176 |
Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URI that is included in an error response. Published: April 27, 2015; 7:59:04 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2009-0905 |
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring. Published: October 30, 2011; 3:55:00 PM -0400 |
V3.x:(not available) V2.0: 1.7 LOW |
| CVE-2009-0900 |
Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file. Published: October 30, 2011; 3:55:00 PM -0400 |
V3.x:(not available) V2.0: 4.1 MEDIUM |
| CVE-2011-1224 |
IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application. Published: July 07, 2011; 5:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2011-0314 |
Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue. Published: January 11, 2011; 8:00:02 PM -0500 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
| CVE-2010-2637 |
IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application. Published: November 12, 2010; 4:00:01 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2010-0782 |
IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguished Name (DN) value in a certificate. Published: October 20, 2010; 2:00:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2009-3160 |
IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a "memory overwrite" issue. Published: September 10, 2009; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 8.8 HIGH |
| CVE-2009-0896 |
Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 allows remote attackers to execute arbitrary code via a crafted request. Published: June 03, 2009; 1:00:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |