IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155.

IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.

IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672.

IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663.

IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647.

IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.

IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.

IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649.

Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques.