Search criteria
24 vulnerabilities found for MQ Operator by IBM
CVE-2025-33013 (GCVE-0-2025-33013)
Vulnerability from cvelistv5 – Published: 2025-07-24 14:55 – Updated: 2025-08-18 01:27
VLAI?
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release.
Severity ?
6.2 (Medium)
CWE
- CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T15:03:40.272604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T15:03:48.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "3.2.13 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release."
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-244",
"description": "CWE-244 Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T01:27:18.300Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240431"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release.\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.6.1 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2\u0026nbsp;icr.io\u0026nbsp;icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.2.14 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\u003cbr\u003eibm-mqadvanced-server\u0026nbsp;9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\u003cbr\u003e\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release details:\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e"
}
],
"value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \nIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\nIBM MQ Container 9.4.3.0-r2 release.\nIBM strongly recommends applying the latest container images. \n\nIBM MQ Operator v3.6.1 CD release details:\nibm-mq-operator\u00a0v3.6.1 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2\u00a0icr.io\u00a0icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\n\nIBM MQ Operator v3.2.14 SC2 release details:\nibm-mq-operator\u00a0v3.2.14 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\nibm-mqadvanced-server\u00a09.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\nibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\nibm-mqadvanced-server-dev\u00a09.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\n\nIBM MQ Container 9.4.3.0-r2 release details:\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33013",
"datePublished": "2025-07-24T14:55:04.945Z",
"dateReserved": "2025-04-15T09:48:51.519Z",
"dateUpdated": "2025-08-18T01:27:18.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36005 (GCVE-0-2025-36005)
Vulnerability from cvelistv5 – Published: 2025-07-24 14:52 – Updated: 2025-08-17 01:24
VLAI?
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation.
Severity ?
5.9 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T15:03:30.894944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T15:04:05.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "3.2.13 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation."
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-17T01:24:38.369Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240431"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release.\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.6.1 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2\u0026nbsp;icr.io\u0026nbsp;icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.2.14 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\u003cbr\u003eibm-mqadvanced-server\u0026nbsp;9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\u003cbr\u003e\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release details:\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e"
}
],
"value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \nIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\nIBM MQ Container 9.4.3.0-r2 release.\nIBM strongly recommends applying the latest container images. \n\nIBM MQ Operator v3.6.1 CD release details:\nibm-mq-operator\u00a0v3.6.1 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2\u00a0icr.io\u00a0icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\n\nIBM MQ Operator v3.2.14 SC2 release details:\nibm-mq-operator\u00a0v3.2.14 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\nibm-mqadvanced-server\u00a09.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\nibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\nibm-mqadvanced-server-dev\u00a09.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\n\nIBM MQ Container 9.4.3.0-r2 release details:\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36005",
"datePublished": "2025-07-24T14:52:53.238Z",
"dateReserved": "2025-04-15T21:16:05.532Z",
"dateUpdated": "2025-08-17T01:24:38.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36041 (GCVE-0-2025-36041)
Vulnerability from cvelistv5 – Published: 2025-06-15 12:51 – Updated: 2025-08-24 11:52
VLAI?
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.
Severity ?
4.7 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.5.3 CD Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver) cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.12:*:*:*:support_cycle_2:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T13:38:47.283894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T13:39:03.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.12:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.5.3 CD"
},
{
"lessThanOrEqual": "3.2.10 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions."
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:52:26.288Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7236608"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.0 CD release that included IBM supplied MQ Advanced 9.4.3.0-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.13 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r3 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r1 release.\u003cbr\u003eNote: \n\nCVE-2025-36041\n\n is applicable only for IBM MQ Operator v3.6.0 CD and IBM supplied MQ Advanced 9.4.3.0-r1 container image.\u003cbr\u003e\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e"
}
],
"value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.0 CD release that included IBM supplied MQ Advanced 9.4.3.0-r1 container image. \nIBM MQ Operator v3.2.13 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r3 container image.\nIBM MQ Container 9.4.3.0-r1 release.\nNote: \n\nCVE-2025-36041\n\n is applicable only for IBM MQ Operator v3.6.0 CD and IBM supplied MQ Advanced 9.4.3.0-r1 container image.\n\nIBM strongly recommends applying the latest container images."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ improper certificate validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36041",
"datePublished": "2025-06-15T12:51:06.394Z",
"dateReserved": "2025-04-15T21:16:10.568Z",
"dateUpdated": "2025-08-24T11:52:26.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1333 (GCVE-0-2025-1333)
Vulnerability from cvelistv5 – Published: 2025-05-01 22:07 – Updated: 2025-08-28 15:00
VLAI?
Summary
IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.
Severity ?
6 (Medium)
CWE
- CWE-214 - Invocation of Process Using Visible Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver) cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T14:36:23.026891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T14:36:30.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD"
},
{
"lessThanOrEqual": "3.2.10 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.\u003cbr\u003e"
}
],
"value": "IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-214",
"description": "CWE-214 Invocation of Process Using Visible Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T15:00:22.174Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232272"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in\u0026nbsp;\u003cbr\u003eIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.2.1-r1 release.\u003cbr\u003eIBM strongly recommends applying the latest container images."
}
],
"value": "Issues mentioned by this security bulletin are addressed in\u00a0\nIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \nIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\nIBM MQ Container 9.4.2.1-r1 release.\nIBM strongly recommends applying the latest container images."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1333",
"datePublished": "2025-05-01T22:07:08.697Z",
"dateReserved": "2025-02-15T13:46:56.478Z",
"dateUpdated": "2025-08-28T15:00:22.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27365 (GCVE-0-2025-27365)
Vulnerability from cvelistv5 – Published: 2025-05-01 21:24 – Updated: 2025-08-28 14:59
VLAI?
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10
Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.
Severity ?
6.5 (Medium)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver) cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T12:44:58.452230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T12:45:05.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD"
},
{
"lessThanOrEqual": "3.2.10 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eClient connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.\u003c/span\u003e"
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10\u00a0\n\nClient connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:59:58.108Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232272"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in\u0026nbsp;\u003cbr\u003eIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.2.1-r1 release.\u003cbr\u003eIBM strongly recommends applying the latest container images."
}
],
"value": "Issues mentioned by this security bulletin are addressed in\u00a0\nIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \nIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\nIBM MQ Container 9.4.2.1-r1 release.\nIBM strongly recommends applying the latest container images."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-27365",
"datePublished": "2025-05-01T21:24:24.884Z",
"dateReserved": "2025-02-22T15:25:27.068Z",
"dateUpdated": "2025-08-28T14:59:58.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27256 (GCVE-0-2024-27256)
Vulnerability from cvelistv5 – Published: 2025-01-27 16:27 – Updated: 2025-02-18 19:29
VLAI?
Summary
IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Severity ?
5.9 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.4.0 , ≤ 2.4.8
(semver)
Affected: 2.3.0 , ≤ 2.3.3 (semver) Affected: 2.2.0 , ≤ 2.2.2 (semver) Affected: 2.0.0 LTS , ≤ 2.0.22 LTS (semver) Affected: 3.0.0 CD, 3.0.1 CD Affected: 3.1.0 CD , ≤ 3.1.3 CD (semver) cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.22:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.2.0:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.2.2:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.3.0:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.3.3:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.4.0:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.4.8:*:*:*:-:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T16:38:52.951975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:29:12.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.22:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.2.0:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.2.2:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.3.0:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.3.3:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.4.0:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.4.8:*:*:*:-:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.4.8",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.2.2",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.22 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0 CD, 3.0.1 CD"
},
{
"lessThanOrEqual": "3.1.3 CD",
"status": "affected",
"version": "3.1.0 CD",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and\u0026nbsp;2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
}
],
"value": "IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and\u00a02.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T16:27:53.275Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7157667"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-27256",
"datePublished": "2025-01-27T16:27:53.275Z",
"dateReserved": "2024-02-22T01:26:15.968Z",
"dateUpdated": "2025-02-18T19:29:12.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40681 (GCVE-0-2024-40681)
Vulnerability from cvelistv5 – Published: 2024-09-07 14:09 – Updated: 2024-10-31 16:31
VLAI?
Summary
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.
Severity ?
7.5 (High)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Affected:
9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40681",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T14:10:20.594086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T14:10:29.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager."
}
],
"value": "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T16:31:36.738Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7167732"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ security bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-40681",
"datePublished": "2024-09-07T14:09:19.767Z",
"dateReserved": "2024-07-08T19:30:52.529Z",
"dateUpdated": "2024-10-31T16:31:36.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40680 (GCVE-0-2024-40680)
Vulnerability from cvelistv5 – Published: 2024-09-07 14:02 – Updated: 2024-10-31 16:26
VLAI?
Summary
IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.
Severity ?
5.5 (Medium)
CWE
- CWE-789 - Uncontrolled Memory Allocation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T14:09:47.896534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T14:10:08.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.3 CD, 9.4 LTS, 9.4 CD"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault."
}
],
"value": "IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Uncontrolled Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T16:26:59.453Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7167732"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-40680",
"datePublished": "2024-09-07T14:02:30.422Z",
"dateReserved": "2024-07-08T19:30:52.529Z",
"dateUpdated": "2024-10-31T16:26:59.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39742 (GCVE-0-2024-39742)
Vulnerability from cvelistv5 – Published: 2024-07-08 13:16 – Updated: 2024-08-02 04:26
VLAI?
Summary
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169.
Severity ?
8.1 (High)
CWE
- CWE-187 - Partial Comparison
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.24, 3.2.2
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mq_operator",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "2.0.24"
},
{
"status": "affected",
"version": "3.2.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T20:36:49.944598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T20:40:48.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.0.24, 3.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169."
}
],
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-187",
"description": "CWE-187 Partial Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T13:16:10.090Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297169"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Container authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39742",
"datePublished": "2024-07-08T13:16:10.090Z",
"dateReserved": "2024-06-28T09:34:35.183Z",
"dateUpdated": "2024-08-02T04:26:15.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39743 (GCVE-0-2024-39743)
Vulnerability from cvelistv5 – Published: 2024-07-08 13:14 – Updated: 2024-08-02 04:26
VLAI?
Summary
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172.
Severity ?
5.9 (Medium)
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.24, 3.2.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T17:41:53.322390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T19:58:56.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.0.24, 3.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172."
}
],
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405 Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T13:48:40.013Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Container denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39743",
"datePublished": "2024-07-08T13:14:43.915Z",
"dateReserved": "2024-06-28T09:34:46.056Z",
"dateUpdated": "2024-08-02T04:26:16.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47745 (GCVE-0-2023-47745)
Vulnerability from cvelistv5 – Published: 2024-03-03 11:56 – Updated: 2024-08-02 21:16
VLAI?
Summary
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638.
Severity ?
6.2 (Medium)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.18 LTS
(semver)
Affected: 2.4.0 , ≤ 2.4.7 (semver) Affected: 2.3.0 , ≤ 2.3.3 (semver) Affected: 2.2.0 , ≤ 2.2.2 (semver) Affected: 3.0.0 CD , ≤ 3.0.1 CD (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T21:56:03.745379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T21:56:27.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7126571"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272638"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.18 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.4.7",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.2.2",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.0.1 CD",
"status": "affected",
"version": "3.0.0 CD",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638."
}
],
"value": "IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-03T11:56:00.503Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7126571"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272638"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Container information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-47745",
"datePublished": "2024-03-03T11:56:00.503Z",
"dateReserved": "2023-11-09T11:31:41.193Z",
"dateUpdated": "2024-08-02T21:16:43.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27255 (GCVE-0-2024-27255)
Vulnerability from cvelistv5 – Published: 2024-03-03 11:54 – Updated: 2024-08-02 00:27
VLAI?
Summary
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905.
Severity ?
5.9 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.18 LTS
(semver)
Affected: 2.4.0 , ≤ 2.4.7 (semver) Affected: 2.3.0 , ≤ 2.3.3 (semver) Affected: 2.2.0 , ≤ 2.2.2 (semver) Affected: 3.0.0 CD , ≤ 3.0.1 CD (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T21:55:16.267865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T21:55:47.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7126571"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.18 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.4.7",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.2.2",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.0.1 CD",
"status": "affected",
"version": "3.0.0 CD",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905."
}
],
"value": "IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-03T11:54:10.301Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7126571"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283905"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Container information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-27255",
"datePublished": "2024-03-03T11:54:10.301Z",
"dateReserved": "2024-02-22T01:26:15.968Z",
"dateUpdated": "2024-08-02T00:27:59.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33013 (GCVE-0-2025-33013)
Vulnerability from nvd – Published: 2025-07-24 14:55 – Updated: 2025-08-18 01:27
VLAI?
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release.
Severity ?
6.2 (Medium)
CWE
- CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T15:03:40.272604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T15:03:48.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "3.2.13 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release."
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-244",
"description": "CWE-244 Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T01:27:18.300Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240431"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release.\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.6.1 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2\u0026nbsp;icr.io\u0026nbsp;icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.2.14 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\u003cbr\u003eibm-mqadvanced-server\u0026nbsp;9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\u003cbr\u003e\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release details:\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e"
}
],
"value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \nIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\nIBM MQ Container 9.4.3.0-r2 release.\nIBM strongly recommends applying the latest container images. \n\nIBM MQ Operator v3.6.1 CD release details:\nibm-mq-operator\u00a0v3.6.1 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2\u00a0icr.io\u00a0icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\n\nIBM MQ Operator v3.2.14 SC2 release details:\nibm-mq-operator\u00a0v3.2.14 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\nibm-mqadvanced-server\u00a09.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\nibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\nibm-mqadvanced-server-dev\u00a09.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\n\nIBM MQ Container 9.4.3.0-r2 release details:\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33013",
"datePublished": "2025-07-24T14:55:04.945Z",
"dateReserved": "2025-04-15T09:48:51.519Z",
"dateUpdated": "2025-08-18T01:27:18.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36005 (GCVE-0-2025-36005)
Vulnerability from nvd – Published: 2025-07-24 14:52 – Updated: 2025-08-17 01:24
VLAI?
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation.
Severity ?
5.9 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T15:03:30.894944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T15:04:05.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "3.2.13 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation."
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-17T01:24:38.369Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240431"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release.\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.6.1 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2\u0026nbsp;icr.io\u0026nbsp;icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.2.14 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\u003cbr\u003eibm-mqadvanced-server\u0026nbsp;9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\u003cbr\u003e\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release details:\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e"
}
],
"value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \nIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\nIBM MQ Container 9.4.3.0-r2 release.\nIBM strongly recommends applying the latest container images. \n\nIBM MQ Operator v3.6.1 CD release details:\nibm-mq-operator\u00a0v3.6.1 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2\u00a0icr.io\u00a0icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\n\nIBM MQ Operator v3.2.14 SC2 release details:\nibm-mq-operator\u00a0v3.2.14 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\nibm-mqadvanced-server\u00a09.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\nibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\nibm-mqadvanced-server-dev\u00a09.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\n\nIBM MQ Container 9.4.3.0-r2 release details:\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36005",
"datePublished": "2025-07-24T14:52:53.238Z",
"dateReserved": "2025-04-15T21:16:05.532Z",
"dateUpdated": "2025-08-17T01:24:38.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36041 (GCVE-0-2025-36041)
Vulnerability from nvd – Published: 2025-06-15 12:51 – Updated: 2025-08-24 11:52
VLAI?
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.
Severity ?
4.7 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.5.3 CD Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver) cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.12:*:*:*:support_cycle_2:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T13:38:47.283894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T13:39:03.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.12:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.5.3 CD"
},
{
"lessThanOrEqual": "3.2.10 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions."
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:52:26.288Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7236608"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.0 CD release that included IBM supplied MQ Advanced 9.4.3.0-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.13 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r3 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r1 release.\u003cbr\u003eNote: \n\nCVE-2025-36041\n\n is applicable only for IBM MQ Operator v3.6.0 CD and IBM supplied MQ Advanced 9.4.3.0-r1 container image.\u003cbr\u003e\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e"
}
],
"value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.0 CD release that included IBM supplied MQ Advanced 9.4.3.0-r1 container image. \nIBM MQ Operator v3.2.13 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r3 container image.\nIBM MQ Container 9.4.3.0-r1 release.\nNote: \n\nCVE-2025-36041\n\n is applicable only for IBM MQ Operator v3.6.0 CD and IBM supplied MQ Advanced 9.4.3.0-r1 container image.\n\nIBM strongly recommends applying the latest container images."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ improper certificate validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36041",
"datePublished": "2025-06-15T12:51:06.394Z",
"dateReserved": "2025-04-15T21:16:10.568Z",
"dateUpdated": "2025-08-24T11:52:26.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1333 (GCVE-0-2025-1333)
Vulnerability from nvd – Published: 2025-05-01 22:07 – Updated: 2025-08-28 15:00
VLAI?
Summary
IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.
Severity ?
6 (Medium)
CWE
- CWE-214 - Invocation of Process Using Visible Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver) cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T14:36:23.026891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T14:36:30.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD"
},
{
"lessThanOrEqual": "3.2.10 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.\u003cbr\u003e"
}
],
"value": "IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-214",
"description": "CWE-214 Invocation of Process Using Visible Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T15:00:22.174Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232272"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in\u0026nbsp;\u003cbr\u003eIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.2.1-r1 release.\u003cbr\u003eIBM strongly recommends applying the latest container images."
}
],
"value": "Issues mentioned by this security bulletin are addressed in\u00a0\nIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \nIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\nIBM MQ Container 9.4.2.1-r1 release.\nIBM strongly recommends applying the latest container images."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1333",
"datePublished": "2025-05-01T22:07:08.697Z",
"dateReserved": "2025-02-15T13:46:56.478Z",
"dateUpdated": "2025-08-28T15:00:22.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27365 (GCVE-0-2025-27365)
Vulnerability from nvd – Published: 2025-05-01 21:24 – Updated: 2025-08-28 14:59
VLAI?
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10
Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.
Severity ?
6.5 (Medium)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver) cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T12:44:58.452230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T12:45:05.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD"
},
{
"lessThanOrEqual": "3.2.10 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eClient connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.\u003c/span\u003e"
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10\u00a0\n\nClient connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:59:58.108Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232272"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in\u0026nbsp;\u003cbr\u003eIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.2.1-r1 release.\u003cbr\u003eIBM strongly recommends applying the latest container images."
}
],
"value": "Issues mentioned by this security bulletin are addressed in\u00a0\nIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \nIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\nIBM MQ Container 9.4.2.1-r1 release.\nIBM strongly recommends applying the latest container images."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-27365",
"datePublished": "2025-05-01T21:24:24.884Z",
"dateReserved": "2025-02-22T15:25:27.068Z",
"dateUpdated": "2025-08-28T14:59:58.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27256 (GCVE-0-2024-27256)
Vulnerability from nvd – Published: 2025-01-27 16:27 – Updated: 2025-02-18 19:29
VLAI?
Summary
IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Severity ?
5.9 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.4.0 , ≤ 2.4.8
(semver)
Affected: 2.3.0 , ≤ 2.3.3 (semver) Affected: 2.2.0 , ≤ 2.2.2 (semver) Affected: 2.0.0 LTS , ≤ 2.0.22 LTS (semver) Affected: 3.0.0 CD, 3.0.1 CD Affected: 3.1.0 CD , ≤ 3.1.3 CD (semver) cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.22:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.2.0:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.2.2:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.3.0:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.3.3:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.4.0:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.4.8:*:*:*:-:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T16:38:52.951975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:29:12.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.22:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.2.0:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.2.2:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.3.0:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.3.3:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.4.0:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.4.8:*:*:*:-:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.4.8",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.2.2",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.22 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0 CD, 3.0.1 CD"
},
{
"lessThanOrEqual": "3.1.3 CD",
"status": "affected",
"version": "3.1.0 CD",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and\u0026nbsp;2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
}
],
"value": "IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and\u00a02.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T16:27:53.275Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7157667"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-27256",
"datePublished": "2025-01-27T16:27:53.275Z",
"dateReserved": "2024-02-22T01:26:15.968Z",
"dateUpdated": "2025-02-18T19:29:12.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40681 (GCVE-0-2024-40681)
Vulnerability from nvd – Published: 2024-09-07 14:09 – Updated: 2024-10-31 16:31
VLAI?
Summary
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.
Severity ?
7.5 (High)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Affected:
9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40681",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T14:10:20.594086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T14:10:29.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager."
}
],
"value": "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T16:31:36.738Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7167732"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ security bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-40681",
"datePublished": "2024-09-07T14:09:19.767Z",
"dateReserved": "2024-07-08T19:30:52.529Z",
"dateUpdated": "2024-10-31T16:31:36.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40680 (GCVE-0-2024-40680)
Vulnerability from nvd – Published: 2024-09-07 14:02 – Updated: 2024-10-31 16:26
VLAI?
Summary
IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.
Severity ?
5.5 (Medium)
CWE
- CWE-789 - Uncontrolled Memory Allocation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T14:09:47.896534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T14:10:08.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.3 CD, 9.4 LTS, 9.4 CD"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault."
}
],
"value": "IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Uncontrolled Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T16:26:59.453Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7167732"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-40680",
"datePublished": "2024-09-07T14:02:30.422Z",
"dateReserved": "2024-07-08T19:30:52.529Z",
"dateUpdated": "2024-10-31T16:26:59.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39742 (GCVE-0-2024-39742)
Vulnerability from nvd – Published: 2024-07-08 13:16 – Updated: 2024-08-02 04:26
VLAI?
Summary
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169.
Severity ?
8.1 (High)
CWE
- CWE-187 - Partial Comparison
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.24, 3.2.2
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mq_operator",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "2.0.24"
},
{
"status": "affected",
"version": "3.2.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T20:36:49.944598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T20:40:48.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.0.24, 3.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169."
}
],
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-187",
"description": "CWE-187 Partial Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T13:16:10.090Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297169"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Container authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39742",
"datePublished": "2024-07-08T13:16:10.090Z",
"dateReserved": "2024-06-28T09:34:35.183Z",
"dateUpdated": "2024-08-02T04:26:15.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39743 (GCVE-0-2024-39743)
Vulnerability from nvd – Published: 2024-07-08 13:14 – Updated: 2024-08-02 04:26
VLAI?
Summary
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172.
Severity ?
5.9 (Medium)
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.24, 3.2.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T17:41:53.322390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T19:58:56.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.0.24, 3.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172."
}
],
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405 Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T13:48:40.013Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Container denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39743",
"datePublished": "2024-07-08T13:14:43.915Z",
"dateReserved": "2024-06-28T09:34:46.056Z",
"dateUpdated": "2024-08-02T04:26:16.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47745 (GCVE-0-2023-47745)
Vulnerability from nvd – Published: 2024-03-03 11:56 – Updated: 2024-08-02 21:16
VLAI?
Summary
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638.
Severity ?
6.2 (Medium)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.18 LTS
(semver)
Affected: 2.4.0 , ≤ 2.4.7 (semver) Affected: 2.3.0 , ≤ 2.3.3 (semver) Affected: 2.2.0 , ≤ 2.2.2 (semver) Affected: 3.0.0 CD , ≤ 3.0.1 CD (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T21:56:03.745379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T21:56:27.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7126571"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272638"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.18 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.4.7",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.2.2",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.0.1 CD",
"status": "affected",
"version": "3.0.0 CD",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638."
}
],
"value": "IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-03T11:56:00.503Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7126571"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272638"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Container information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-47745",
"datePublished": "2024-03-03T11:56:00.503Z",
"dateReserved": "2023-11-09T11:31:41.193Z",
"dateUpdated": "2024-08-02T21:16:43.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27255 (GCVE-0-2024-27255)
Vulnerability from nvd – Published: 2024-03-03 11:54 – Updated: 2024-08-02 00:27
VLAI?
Summary
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905.
Severity ?
5.9 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.18 LTS
(semver)
Affected: 2.4.0 , ≤ 2.4.7 (semver) Affected: 2.3.0 , ≤ 2.3.3 (semver) Affected: 2.2.0 , ≤ 2.2.2 (semver) Affected: 3.0.0 CD , ≤ 3.0.1 CD (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T21:55:16.267865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T21:55:47.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7126571"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.18 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.4.7",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.2.2",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.0.1 CD",
"status": "affected",
"version": "3.0.0 CD",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905."
}
],
"value": "IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-03T11:54:10.301Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7126571"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283905"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Container information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-27255",
"datePublished": "2024-03-03T11:54:10.301Z",
"dateReserved": "2024-02-22T01:26:15.968Z",
"dateUpdated": "2024-08-02T00:27:59.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}