XLinkedIn
1 973-826-7406|info@AvadaSoftware.com

Most Recent Security Vulnerabilities for IBM MQ

By |Published On: July 14th, 2022|4 min read|
Table of Contents

IBM MQ Internet Pass-Thru is vulnerable to an issue within IBM® Runtime Environment Java™ Technology Edition, Version 7. (CVE-2021-35603)

Summary

IBM MQ Internet Pass-Thru has addressed the following vulnerability in the IBM® Runtime Environment Java™ Technology Edition, Version 7 used by IBM MQ Internet Pass-Thru.

Vulnerability Details

CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. CVSS Base score: 3.7 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions Affected Product(s) Version(s) IBM WebSphere Internet Pass-Thru 2.1 […]

 

Click here to view original web page at www.ibm.com

 

IBM MQ Internet Pass-Thru is vulnerable to an issue within IBM® Runtime Environment Java™ Technology Edition, Version 7. (CVE-2021-35550)

Summary

IBM MQ Internet Pass-Thru has addressed the following vulnerability in the IBM® Runtime Environment Java™ Technology Edition, Version 7 used by IBM MQ Internet Pass-Thru.

 

Vulnerability Details

CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. CVSS Base score: 5.9 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

 

Affected Products and Versions Affected Product(s) Version(s) IBM WebSphere Internet Pass-Thru 2.1 […]

 

Click here to view original web page at www.ibm.com

 

IBM MQ Internet Pass-Thru is vulnerable to an issue within IBM® Runtime Environment Java™ Technology Edition, Version 7. (CVE-2022-21496)

Summary

IBM MQ Internet Pass-Thru has addressed the following vulnerability in the IBM® Runtime Environment Java™ Technology Edition, Version 7 used by IBM MQ Internet Pass-Thru.

Vulnerability Details

CVEID: CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224777 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions Affected Product(s) Version(s) IBM WebSphere Internet Pass-Thru 2.1 […]

 

Click here to view original web page at www.ibm.com

 

IBM MQ is vulnerable to multiple issues within IBM® Runtime Environment Java™ Technology Edition, Version 8 (CVE-2021-35603, CVE-2022-21305, CVE-2022-21291, CVE-2021-35550)

Summary

Multiple issues were identified with the version of IBM® Runtime Environment Java™ Technology Edition that is shipped with IBM MQ that affect IBM MQ.

Vulnerability Details

CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. CVSS Base score: 3.7 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) CVEID:

CVE-2022-21305 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217600 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVEID:

CVE-2022-21291 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217586 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVEID:

CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. CVSS Base score: 5.9 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions Affected Product(s) Version(s) IBM MQ 9.1 LTS IBM MQ 9.0 LTS IBM MQ 8.0 IBM MQ 9.2 CD IBM MQ 9.1 CD IBM MQ 9.2 LTS […]

 

Click here to view original web page at www.ibm.com

 

When assessing vulnerability risks you need to include an Inside-Out approach. Infrared360 can help you mitigate inside-out IBM MQ vulnerabilities, and all your middleware inside-out vulnerabilities – while giving your middleware team smarter, easier, tools for optimizing performance and meeting SLAs. Check out the information below or our Infrared360 overview.

Articles & Papers

Securing Modern IBM MQ® Environments

Empowering Infrastructure Architects: Ensuring Resilience in Middleware Architectures for Modern Enterprises

Overcome the Challenges of Moving Core Banking and Transaction Processing to the Cloud

Secure the Edge with IBM® DataPower® Gateway Appliance

5 Challenges & Solutions When Modernizing Your Middleware Infrastructure

Proactive vs. Forensic – Middleware – Health Monitoring

Seven Middleware Challenges You Must Overcome Before Your Cloud Migration

Monitoring Widely Distributed Environments Without Losing Focus

eBook: Inside IBM MQ Deployment Choices

Contain Costs and Mitigate Risks of Transactions on the Middleware Superhighway

Case Studies

How Sabre Corporation Optimized IBM MQ with Infrared360® to Deliver Exceptional Service and Maximize Profitability

Parker Hannifin Improves Efficiencies Across Business Units with Infrared360® and Trusted Spaces™

Alight Implements Secure, Holistic Self-Service Messaging

Sompo International Builds Business Platform Optimization with SOAP and REST Monitoring

The power of a healthy network: Visiting Nurse Service of New York harnesses IBM, partner technology to streamline patient care.

Video

The Business Case for Modernizing Your MQ Estate Today

Improving Productivity Through Smart, Safe Self-Service

Managing Middleware in Hybrid Cloud

Integrating Data in the Cloud with IBM App Connect

Transforming Your IBM MQ Estate Using Containers

Integration Modernization Lessons Learned

IBM MQ: Enterprise-wide Integration for Modern Distributed Environments

Understanding External Influences on Your Integration Strategy and Direction

Analyst Reports

Peer Reviews for Infrared360®

Avada Software Named a Most Promising IBM Solution Provider for 2023

Avada Software named one of Most Promising IBM Solutions Providers for 2022

A Systems Integrator and Services Provider Cuts Costs, Creates New Revenue Streams While Improving Service Delivery

Infrared360 named one of CIOReview’s 20 Most Promising APM Solution Providers

Analyst Report: Managing an IBM MQ Environment at USBank

CIO Feedback/Data Sheet

Related Posts

Securing IBM MQ in Kubernetes
Securing IBM MQ in Kubernetes
Gallery

Securing IBM MQ in Kubernetes

May 5th, 2025
Better ActiveMQ Performance Testing with Synthetic Transactions
Better ActiveMQ Performance Testing with Synthetic Transactions
Gallery

Better ActiveMQ Performance Testing with Synthetic Transactions

April 29th, 2025
Efficiently Integrating Systems from Mergers & Acquisitions
Efficiently Integrating Systems from Mergers & Acquisitions
Gallery

Efficiently Integrating Systems from Mergers & Acquisitions

January 23rd, 2025
Secure Remote Access to Transactional Middleware Environments
Secure Remote Access to Transactional Middleware Environments
Gallery

Secure Remote Access to Transactional Middleware Environments

January 21st, 2025
4 Middleware Architecture Tips You Didn’t Know About
4 Middleware Architecture Tips You Didn’t Know About
Gallery

4 Middleware Architecture Tips You Didn’t Know About

January 10th, 2025
Enhanced Troubleshooting in IBM WebSphere Application Server
Enhanced Troubleshooting in IBM WebSphere Application Server
Gallery

Enhanced Troubleshooting in IBM WebSphere Application Server

December 4th, 2024
ActiveMQ vs. RabbitMQ Security Features and Best Practices
ActiveMQ vs. RabbitMQ Security Features and Best Practices
Gallery

ActiveMQ vs. RabbitMQ Security Features and Best Practices

November 27th, 2024
Simplifying Message Filtering and Selection for Accurate Test Scenarios with Infrared360
Simplifying Message Filtering and Selection for Accurate Test Scenarios with Infrared360
Gallery

Simplifying Message Filtering and Selection for Accurate Test Scenarios with Infrared360

November 20th, 2024
Critical ReDoS and SSRF ACE Vulnerabilities Addressed
Critical ReDoS and SSRF ACE Vulnerabilities Addressed
Gallery

Critical ReDoS and SSRF ACE Vulnerabilities Addressed

November 20th, 2024
Webinar: Maximize the value of your data by integrating IBM MQ and IBM Event Automation
Webinar: Maximize the value of your data by integrating IBM MQ and IBM Event Automation
Gallery

Webinar: Maximize the value of your data by integrating IBM MQ and IBM Event Automation

November 18th, 2024

More Infrared360® Resources

Articles & Papers

Overcome the Challenges of Moving Core Banking and Transaction Processing to the Cloud

Secure the Edge with IBM® DataPower® Gateway Appliance

5 Challenges & Solutions When Modernizing Your Middleware Infrastructure

Proactive vs. Forensic – Middleware – Health Monitoring

Seven Middleware Challenges You Must Overcome Before Your Cloud Migration

Monitoring Widely Distributed Environments Without Losing Focus

eBook: Inside IBM MQ Deployment Choices

Contain Costs and Mitigate Risks of Transactions on the Middleware Superhighway

Case Studies

Parker Hannifin Improves Efficiencies Across Business Units with Infrared360® and Trusted Spaces™

Alight Implements Secure, Holistic Self-Service Messaging

Sompo International Builds Business Platform Optimization with SOAP and REST Monitoring

The power of a healthy network: Visiting Nurse Service of New York harnesses IBM, partner technology to streamline patient care.

Video

The Business Case for Modernizing Your MQ Estate Today

Improving Productivity Through Smart, Safe Self-Service

Managing Middleware in Hybrid Cloud

Integrating Data in the Cloud with IBM App Connect

Transforming Your IBM MQ Estate Using Containers

Integration Modernization Lessons Learned

IBM MQ: Enterprise-wide Integration for Modern Distributed Environments

Understanding External Influences on Your Integration Strategy and Direction

Analyst Reports

Peer Reviews for Infrared360®

Avada Software Named a Most Promising IBM Solution Provider for 2023

Avada Software named one of Most Promising IBM Solutions Providers for 2022

A Systems Integrator and Services Provider Cuts Costs, Creates New Revenue Streams While Improving Service Delivery

Infrared360 named one of CIOReview’s 20 Most Promising APM Solution Providers

Analyst Report: Managing an IBM MQ Environment at USBank

CIO Feedback/Data Sheet

About the Author: John Ghilino

AVADA SOFTWARE AT A GLANCE

Avada Software’s flagship product, Infrared360®, is an IT management portal providing total administration, monitoring, testing, auditing, analytics dashboards, and self-service for cloud, on-prem, or hybrid environments. Get secure, collaborative management of elements across your IT stack like Kafka®, IBM® MQ, IBM® ACE/IIB, ActiveMQ®, WebSphere®, JBoss®, and Tomcat® Application Servers, URLs, SOAP & REST-based web services, IBM® DataPower® and MQ Appliance.

Latest Insight

The Middleware Blog

May 5th, 2025|

Best Practices for Securing IBM MQ in Kubernetes As organizations modernize their infrastructure, deploying IBM MQ in Kubernetes has become increasingly common. But with this shift comes new challenges—especially in security. Traditional methods of access control and monitoring aren’t enough in dynamic, containerized environments. Securing IBM MQ in Kubernetes requires a focus on identity, visibility, and role-based access control (RBAC):

  • Use external identity sources: In Kubernetes, container-based deployments don’t maintain […]
Read More

April 29th, 2025|

The Crucial Role of Synthetic Transactions in ActiveMQ Performance Testing

Messaging systems are the foundation of many modern enterprises, with ActiveMQ increasingly emerging as a key player in this arena. Yet, maintaining the strength and dependability of these intricate messaging environments requires more than just optimism. By mimicking real-world user activity, synthetic transactions offer a proactive approach to evaluating ActiveMQ’s performance, resilience, and overall system health.

Read More

April 17th, 2025|

Why Developers Need Access to MQ and How to Make It Work Securely

Imagine you’re a developer trying to test a new feature that sends a message through IBM MQ.

You write the code, hit run… and nothing happens. The message disappears. You suspect it’s stuck in a queue somewhere.

But you can’t see it. You can’t confirm it. And you definitely can’t fix it, because you don’t have access.

That’s the daily […]

Read More

April 3rd, 2025|

IBM MQ Native HA: Enhancing Messaging Resilience in Modern Architectures

In today’s digitally connected world, enterprise messaging systems must be both highly available and resilient. IBM MQ—a leader in message-oriented middleware—provides robust messaging capabilities that ensure reliable data exchange between applications. One of the key features that help guarantee uninterrupted messaging is Native High Availability (HA). This article explores IBM MQ Native HA in depth, clarifies common misconceptions by comparing […]

Read More

March 25th, 2025|

Are You Effectively Monitoring Your IBM MQ and Kafka Performance?

In today’s complex data landscapes, many enterprises rely on a combination of IBM MQ and Apache Kafka to handle their messaging needs. While both are powerful technologies, they serve different purposes: IBM MQ excels at ensuring precision and guaranteed message delivery, while Kafka is designed for high-volume data processing and event streaming.

Often, businesses find themselves

Read More

March 5th, 2025|

How to Simplify IBM MQ DLQ Management with Automation Dead Letter Queues (DLQs) are a crucial component of IBM MQ, acting as a safety net for messages that cannot be delivered to their intended destination. However, managing DLQs efficiently—especially in large, complex environments—can quickly become a challenge. Without automation, the task is labor-intensive, prone to errors, and can introduce delays in message processing, impacting business operations.

This article explores advanced techniques […]

Read More

We are proud supporters of:

Avada Software. All Rights Reserved |This website may contain logos and trademarks of third parties. These are the property of their respective owners and are used on this site for informational purposes only. Avada Software does not claim any ownership or association with these trademarks or, except where explicitly stated, their respective organizations. | Privacy Policy
Go to Top