IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2023-26159, CVE-2024-25015, CVE-2024-25048, CVE-2024-20952, CVE-2023-33850, CVE-2023-6237, CVE-2024-0727
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
IBM WebSphere Remote Server | 9.1, 9.0 |
IBM strongly recommends addressing the vulnerability now. Refer to the following security bulletins for vulnerability details and information about fixes addressed by IBM MQ which is shipped with IBM WebSphere Remote Server.
Principal Product and Version(s)
|
Affected Supporting Product and Version
|
Affected Supporting Product Security Bulletin
—|—|—
IBM WebSphere Remote Server
9.0, 9.1
|
IBM MQ
9.2 LTS
9.3 LTS
9.3 CD
|
IBM MQ is vulnerable to an issue in follow-redirects due to open redirect (CVE-2023-26159)
IBM WebSphere Remote Server
9.0, 9.1
|
IBM MQ
9.2 LTS
9.3 LTS
9.3 CD
|
IBM MQ Internet Pass-Thru is vulnerable to a denial of service issue (CVE-2024-25015)
|
IBM MQ
9.0 LTS
9.1 LTS
9.2 LTS
9.3 LTS
9.3 CD
|
IBM MQ is vulnerable to a buffer overflow (CVE-2024-25048)
IBM WebSphere Remote Server
9.0, 9.1
|
IBM MQ
9.0 LTS
9.1 LTS
9.2 LTS
9.2 LTS
9.3 CD
|
IBM WebSphere Remote Server
9.0, 9.1
|
IBM MQ
9.0 LTS
9.1 LTS
9.2 LTS
9.2 LTS
|
IBM WebSphere Remote Server
9.0, 9.1
|
IBM MQ
9.3 CD
|
IBM MQ is affected by a vulnerability in the IBM Semeru Runtime (CVE-2024-20952)
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm websphere remote server | eq | 9.1 | |
ibm websphere remote server | eq | 9.0 |