Primary

Context

IBM MQ Appliance Cryptographic Vulnerability Allowing Decryption of Sensitive Information

Vulnerability

Patched

A vulnerability exists in IBM MQ Appliance versions 9.4 CD prior to 9.4.4.0 and between 9.4.4.0 and 9.4.4.1, due to the use of weaker than expected cryptographic algorithms. This could potentially allow an attacker to decrypt highly sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized decryption of sensitive information.

Remediation

Users are advised to upgrade to IBM MQ Appliance continuous delivery release 9.4.5.0 or later. This vulnerability is addressed under known issue DT458796.

Added: Mar 3, 2026, 9:24 PM

Updated: Mar 3, 2026, 10:01 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

6.6

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

6.6

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM MQ Appliance Cryptographic Vulnerability Allowing Decryption of Sensitive Information

Vulnerability

Impact

Remediation

Affected Products

IBM MQ Appliance

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating