This page lists publicly disclosed CVE vulnerabilities affecting ibm mq (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-1713 | IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.0 through 9.4.0.17 LTS, and 9.4.0.0 through 9.4.4.1 CD | [email protected] | 5.0 | 0.01% | 2026-03-03 | 2026-03-05 |
| CVE-2025-36128 | IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. | [email protected] | 7.5 | 0.10% | 2025-10-16 | 2025-10-28 |
| CVE-2025-36100 | IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user. | [email protected] | 5.1 | 0.01% | 2025-09-07 | 2025-12-19 |
| CVE-2025-0985 | IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user. | [email protected] | 5.5 | 0.10% | 2025-02-28 | 2025-09-30 |
| CVE-2024-54175 | IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions. | [email protected] | 5.5 | 0.08% | 2025-02-28 | 2025-09-26 |
| CVE-2024-52898 | IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned. | [email protected] | 6.2 | 0.06% | 2025-01-14 | 2025-07-03 |
| CVE-2024-52897 | IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | [email protected] | 6.2 | 0.02% | 2024-12-19 | 2025-08-19 |
| CVE-2024-52896 | IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | [email protected] | 6.2 | 0.02% | 2024-12-19 | 2025-08-19 |
| CVE-2024-35156 | IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766. | [email protected] | 6.5 | 0.10% | 2024-06-28 | 2024-11-21 |
| CVE-2024-35116 | IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335. | [email protected] | 5.9 | 0.26% | 2024-06-28 | 2024-11-21 |
| CVE-2024-35155 | IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765. | [email protected] | 6.5 | 0.06% | 2024-06-28 | 2024-11-21 |
| CVE-2024-31919 | IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259. | [email protected] | 5.9 | 0.28% | 2024-06-28 | 2024-11-21 |
| CVE-2024-31912 | IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894. | [email protected] | 7.5 | 0.24% | 2024-06-28 | 2024-11-21 |
| CVE-2024-25015 | IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278. | [email protected] | 7.5 | 0.12% | 2024-05-01 | 2025-08-21 |
| CVE-2023-45177 | IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066. | [email protected] | 5.3 | 0.10% | 2024-03-20 | 2025-07-03 |
| CVE-2024-25016 | IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279. | [email protected] | 7.5 | 0.23% | 2024-03-03 | 2025-05-12 |
| CVE-2023-28513 | IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397. | [email protected] | 5.9 | 0.06% | 2023-07-19 | 2024-11-21 |
| CVE-2023-28950 | IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358. | [email protected] | 5.1 | 0.03% | 2023-05-19 | 2024-11-21 |
| CVE-2023-28514 | IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398. | [email protected] | 6.2 | 0.05% | 2023-05-19 | 2024-11-21 |
| CVE-2022-42436 | IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. | [email protected] | 4.0 | 0.05% | 2023-02-12 | 2024-11-21 |