Search criteria
36 vulnerabilities found for mq_operator by ibm
FKIE_CVE-2025-36005
Vulnerability from fkie_nvd - Published: 2025-07-24 15:15 - Updated: 2025-08-22 18:08
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240431 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7AFB54D-40A4-4F84-AFFF-CB281A60B4FF",
"versionEndIncluding": "2.0.29",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:sc2:*:*:*",
"matchCriteriaId": "9F201800-9E6A-40ED-84F3-CEAAE48B8A83",
"versionEndIncluding": "3.2.13",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:cd:*:*:*",
"matchCriteriaId": "754475E5-89D1-4E26-9A78-A8767A8BA8C7",
"versionEndIncluding": "3.6.0",
"versionStartIncluding": "3.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "FB341641-C8C5-400C-A158-B094250219C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "F2578B50-83A2-459E-92F2-154934422303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:cd:*:*:*",
"matchCriteriaId": "A2963DDF-4741-4FDB-A4CB-0350AA17F85D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "7E4C4E82-B26E-481B-856C-C89E03AEABA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "82E0B6C6-762B-4D52-BBA9-006B57772BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r2:*:*:lts:*:*:*",
"matchCriteriaId": "77C03044-A3C8-4ADC-B61F-CA054E177221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r3:*:*:lts:*:*:*",
"matchCriteriaId": "DA7FA2E5-2D11-4633-92DE-BA329BE44C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r1:*:*:lts:*:*:*",
"matchCriteriaId": "6C596A8A-41CD-4C6C-84B9-655AB7B41D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r2:*:*:lts:*:*:*",
"matchCriteriaId": "D5807742-6617-4AE2-8B4D-B3D33C56934A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r3:*:*:lts:*:*:*",
"matchCriteriaId": "5166CBFE-E521-4B45-9C27-323B3688801A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r4:*:*:lts:*:*:*",
"matchCriteriaId": "18E2DDBC-A37B-47E4-84CF-7F043B311928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.3:r1:*:*:lts:*:*:*",
"matchCriteriaId": "7A89FD40-EA4A-4BEF-8E68-81985E5472CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r1:*:*:lts:*:*:*",
"matchCriteriaId": "9C56648F-18DA-4BD3-86E7-6EF2AB9978F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r2:*:*:lts:*:*:*",
"matchCriteriaId": "FBA1CDBA-76BB-4661-8BF6-B73B8557DD9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r1:*:*:lts:*:*:*",
"matchCriteriaId": "65CDB64E-B60B-44BB-9C4A-D064E7F892B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r2:*:*:lts:*:*:*",
"matchCriteriaId": "95CE7C9D-839E-47EF-949B-074285DDAD74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r3:*:*:lts:*:*:*",
"matchCriteriaId": "D428D220-0F00-44F3-9243-CD2D597AD0DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.6:r1:*:*:lts:*:*:*",
"matchCriteriaId": "0CB302B8-F9DA-41DE-A2AD-C82601677BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.10:r1:*:*:lts:*:*:*",
"matchCriteriaId": "9039EF3F-8AE0-40AC-B1E8-D412E548BB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.10:r2:*:*:lts:*:*:*",
"matchCriteriaId": "B27B123C-603C-47E8-BCAB-CD0C21083639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.11:r1:*:*:lts:*:*:*",
"matchCriteriaId": "B4F3B9A6-0A28-457B-A81F-ADBAEC073A85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.11:r2:*:*:lts:*:*:*",
"matchCriteriaId": "49653FF2-5930-419F-A144-2D4844336EB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.15:r1:*:*:lts:*:*:*",
"matchCriteriaId": "B2663B1F-4FC4-4107-9826-99BAA7FB3AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.16:r1:*:*:lts:*:*:*",
"matchCriteriaId": "096CFD86-359A-4B6F-A532-FDFFD31D922C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.16:r2:*:*:lts:*:*:*",
"matchCriteriaId": "2342CC92-8694-4C58-83E5-43809B1D62F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r1:*:*:lts:*:*:*",
"matchCriteriaId": "78B41AA5-63D9-47A8-A7A8-AAA173923DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r2:*:*:lts:*:*:*",
"matchCriteriaId": "6661AC57-6AF4-4334-A82A-C8F69170CBFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r3:*:*:lts:*:*:*",
"matchCriteriaId": "30BF81E9-4538-4018-9506-BB2A406463ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.20:r1:*:*:lts:*:*:*",
"matchCriteriaId": "F48F829C-DE92-4153-BEC1-618F0544B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.20:r2:*:*:lts:*:*:*",
"matchCriteriaId": "556A2A93-8707-4C39-86E7-66392B05B3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r1:*:*:lts:*:*:*",
"matchCriteriaId": "0E5B52E8-F7FB-4D2B-B5EA-0F1C77D09BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r2:*:*:lts:*:*:*",
"matchCriteriaId": "63585F59-55B6-402A-975C-2427A925632B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r3:*:*:lts:*:*:*",
"matchCriteriaId": "2172F814-8E7C-4048-B62E-1932A6177468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.25:r1:*:*:lts:*:*:*",
"matchCriteriaId": "54793923-444F-4196-AE5C-B54DDF08EC0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "080C6975-1041-4BBB-AAFB-DE2D141BBE90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r2:*:*:lts:*:*:*",
"matchCriteriaId": "54B19F39-5F7E-416A-AE4C-EEC04A6CA5D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r3:*:*:lts:*:*:*",
"matchCriteriaId": "594B6DB4-D871-4913-BCAD-1310FB51A249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.5:r1:*:*:lts:*:*:*",
"matchCriteriaId": "AD168932-0567-4E7E-A6C6-2467D2A90496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.5:r2:*:*:lts:*:*:*",
"matchCriteriaId": "4B61796D-B50D-4D3D-9618-8070A8B12AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.6:r1:*:*:sc2:*:*:*",
"matchCriteriaId": "CF0D971B-CC71-4A7A-97A3-87D031F76C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.6:r2:*:*:sc2:*:*:*",
"matchCriteriaId": "C9B9FE2C-E27A-468A-BEE2-7DC2DE3BE67D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.7:r1:*:*:sc2:*:*:*",
"matchCriteriaId": "D11E13D1-FE9C-456B-85F3-C5A8B66074E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.10:r1:*:*:sc2:*:*:*",
"matchCriteriaId": "F4B616A8-73DE-4AB8-AD2D-3DC7E28AD5F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.10:r2:*:*:sc2:*:*:*",
"matchCriteriaId": "2F942CCF-1A4C-4B08-B3D2-8003BD4DB8F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.11:r1:*:*:sc2:*:*:*",
"matchCriteriaId": "46B69936-F207-4F6F-A657-838151F381FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.11:r2:*:*:sc2:*:*:*",
"matchCriteriaId": "6155E304-339A-4228-B10F-E5FEFB9AB77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.11:r3:*:*:sc2:*:*:*",
"matchCriteriaId": "1F98E91D-8B45-42D9-9AB3-0D3B4016BE2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "40A8768A-172A-4AA4-871D-4A4E0CB68B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.0:r2:*:*:cd:*:*:*",
"matchCriteriaId": "A72A89EE-6CD8-408F-B76F-98F106308322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "19D9B726-0FF1-4566-9649-373E542F51E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "A065A567-AC6A-483B-87B6-0E41DB9B447E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.0:r2:*:*:cd:*:*:*",
"matchCriteriaId": "46627889-BFEE-4B45-912F-E4C32C48E1FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "B785F246-B526-4C0A-A0E2-6C84B1C2510F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.1:r2:*:*:cd:*:*:*",
"matchCriteriaId": "69C2278D-C649-44E0-8D55-96A379853354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.3.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "35555450-B67F-43B9-BB7E-502901CDA054",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation."
},
{
"lang": "es",
"value": "Internet Pass-Thru en IBM MQ Operator LTS 2.0.0 a 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 a 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0 y MQ Operator SC2 3.2.0 a 3.2.13 podr\u00eda permitir que un usuario malintencionado obtenga informaci\u00f3n confidencial de otra conexi\u00f3n de sesi\u00f3n TLS a trav\u00e9s del proxy al mismo nombre de host y puerto debido a una validaci\u00f3n de certificado incorrecta."
}
],
"id": "CVE-2025-36005",
"lastModified": "2025-08-22T18:08:49.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-24T15:15:26.083",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7240431"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-33013
Vulnerability from fkie_nvd - Published: 2025-07-24 15:15 - Updated: 2025-08-22 18:10
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240431 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7AFB54D-40A4-4F84-AFFF-CB281A60B4FF",
"versionEndIncluding": "2.0.29",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:sc2:*:*:*",
"matchCriteriaId": "9F201800-9E6A-40ED-84F3-CEAAE48B8A83",
"versionEndIncluding": "3.2.13",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:cd:*:*:*",
"matchCriteriaId": "754475E5-89D1-4E26-9A78-A8767A8BA8C7",
"versionEndIncluding": "3.6.0",
"versionStartIncluding": "3.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "FB341641-C8C5-400C-A158-B094250219C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "F2578B50-83A2-459E-92F2-154934422303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:cd:*:*:*",
"matchCriteriaId": "A2963DDF-4741-4FDB-A4CB-0350AA17F85D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "7E4C4E82-B26E-481B-856C-C89E03AEABA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "82E0B6C6-762B-4D52-BBA9-006B57772BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r2:*:*:lts:*:*:*",
"matchCriteriaId": "77C03044-A3C8-4ADC-B61F-CA054E177221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r3:*:*:lts:*:*:*",
"matchCriteriaId": "DA7FA2E5-2D11-4633-92DE-BA329BE44C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r1:*:*:lts:*:*:*",
"matchCriteriaId": "6C596A8A-41CD-4C6C-84B9-655AB7B41D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r2:*:*:lts:*:*:*",
"matchCriteriaId": "D5807742-6617-4AE2-8B4D-B3D33C56934A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r3:*:*:lts:*:*:*",
"matchCriteriaId": "5166CBFE-E521-4B45-9C27-323B3688801A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r4:*:*:lts:*:*:*",
"matchCriteriaId": "18E2DDBC-A37B-47E4-84CF-7F043B311928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.3:r1:*:*:lts:*:*:*",
"matchCriteriaId": "7A89FD40-EA4A-4BEF-8E68-81985E5472CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r1:*:*:lts:*:*:*",
"matchCriteriaId": "9C56648F-18DA-4BD3-86E7-6EF2AB9978F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r2:*:*:lts:*:*:*",
"matchCriteriaId": "FBA1CDBA-76BB-4661-8BF6-B73B8557DD9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r1:*:*:lts:*:*:*",
"matchCriteriaId": "65CDB64E-B60B-44BB-9C4A-D064E7F892B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r2:*:*:lts:*:*:*",
"matchCriteriaId": "95CE7C9D-839E-47EF-949B-074285DDAD74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r3:*:*:lts:*:*:*",
"matchCriteriaId": "D428D220-0F00-44F3-9243-CD2D597AD0DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.6:r1:*:*:lts:*:*:*",
"matchCriteriaId": "0CB302B8-F9DA-41DE-A2AD-C82601677BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.10:r1:*:*:lts:*:*:*",
"matchCriteriaId": "9039EF3F-8AE0-40AC-B1E8-D412E548BB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.10:r2:*:*:lts:*:*:*",
"matchCriteriaId": "B27B123C-603C-47E8-BCAB-CD0C21083639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.11:r1:*:*:lts:*:*:*",
"matchCriteriaId": "B4F3B9A6-0A28-457B-A81F-ADBAEC073A85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.11:r2:*:*:lts:*:*:*",
"matchCriteriaId": "49653FF2-5930-419F-A144-2D4844336EB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.15:r1:*:*:lts:*:*:*",
"matchCriteriaId": "B2663B1F-4FC4-4107-9826-99BAA7FB3AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.16:r1:*:*:lts:*:*:*",
"matchCriteriaId": "096CFD86-359A-4B6F-A532-FDFFD31D922C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.16:r2:*:*:lts:*:*:*",
"matchCriteriaId": "2342CC92-8694-4C58-83E5-43809B1D62F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r1:*:*:lts:*:*:*",
"matchCriteriaId": "78B41AA5-63D9-47A8-A7A8-AAA173923DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r2:*:*:lts:*:*:*",
"matchCriteriaId": "6661AC57-6AF4-4334-A82A-C8F69170CBFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r3:*:*:lts:*:*:*",
"matchCriteriaId": "30BF81E9-4538-4018-9506-BB2A406463ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.20:r1:*:*:lts:*:*:*",
"matchCriteriaId": "F48F829C-DE92-4153-BEC1-618F0544B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.20:r2:*:*:lts:*:*:*",
"matchCriteriaId": "556A2A93-8707-4C39-86E7-66392B05B3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r1:*:*:lts:*:*:*",
"matchCriteriaId": "0E5B52E8-F7FB-4D2B-B5EA-0F1C77D09BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r2:*:*:lts:*:*:*",
"matchCriteriaId": "63585F59-55B6-402A-975C-2427A925632B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r3:*:*:lts:*:*:*",
"matchCriteriaId": "2172F814-8E7C-4048-B62E-1932A6177468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.25:r1:*:*:lts:*:*:*",
"matchCriteriaId": "54793923-444F-4196-AE5C-B54DDF08EC0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "080C6975-1041-4BBB-AAFB-DE2D141BBE90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r2:*:*:lts:*:*:*",
"matchCriteriaId": "54B19F39-5F7E-416A-AE4C-EEC04A6CA5D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r3:*:*:lts:*:*:*",
"matchCriteriaId": "594B6DB4-D871-4913-BCAD-1310FB51A249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.5:r1:*:*:lts:*:*:*",
"matchCriteriaId": "AD168932-0567-4E7E-A6C6-2467D2A90496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.5:r2:*:*:lts:*:*:*",
"matchCriteriaId": "4B61796D-B50D-4D3D-9618-8070A8B12AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.6:r1:*:*:sc2:*:*:*",
"matchCriteriaId": "CF0D971B-CC71-4A7A-97A3-87D031F76C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.6:r2:*:*:sc2:*:*:*",
"matchCriteriaId": "C9B9FE2C-E27A-468A-BEE2-7DC2DE3BE67D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.7:r1:*:*:sc2:*:*:*",
"matchCriteriaId": "D11E13D1-FE9C-456B-85F3-C5A8B66074E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.10:r1:*:*:sc2:*:*:*",
"matchCriteriaId": "F4B616A8-73DE-4AB8-AD2D-3DC7E28AD5F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.10:r2:*:*:sc2:*:*:*",
"matchCriteriaId": "2F942CCF-1A4C-4B08-B3D2-8003BD4DB8F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.11:r1:*:*:sc2:*:*:*",
"matchCriteriaId": "46B69936-F207-4F6F-A657-838151F381FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.11:r2:*:*:sc2:*:*:*",
"matchCriteriaId": "6155E304-339A-4228-B10F-E5FEFB9AB77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.11:r3:*:*:sc2:*:*:*",
"matchCriteriaId": "1F98E91D-8B45-42D9-9AB3-0D3B4016BE2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "40A8768A-172A-4AA4-871D-4A4E0CB68B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.0:r2:*:*:cd:*:*:*",
"matchCriteriaId": "A72A89EE-6CD8-408F-B76F-98F106308322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "19D9B726-0FF1-4566-9649-373E542F51E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "A065A567-AC6A-483B-87B6-0E41DB9B447E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.0:r2:*:*:cd:*:*:*",
"matchCriteriaId": "46627889-BFEE-4B45-912F-E4C32C48E1FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "B785F246-B526-4C0A-A0E2-6C84B1C2510F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.1:r2:*:*:cd:*:*:*",
"matchCriteriaId": "69C2278D-C649-44E0-8D55-96A379853354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.3.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "35555450-B67F-43B9-BB7E-502901CDA054",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release."
},
{
"lang": "es",
"value": "IBM MQ Operator LTS 2.0.0 a 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 a 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0 y MQ Operator SC2 3.2.0 a 3.2.13 Container podr\u00edan divulgar informaci\u00f3n confidencial a un usuario local debido a una limpieza incorrecta de la memoria del mont\u00f3n antes del lanzamiento."
}
],
"id": "CVE-2025-33013",
"lastModified": "2025-08-22T18:10:19.113",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-24T15:15:25.750",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7240431"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-244"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-212"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-36041
Vulnerability from fkie_nvd - Published: 2025-06-15 13:15 - Updated: 2025-08-22 18:33
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7236608 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7AFB54D-40A4-4F84-AFFF-CB281A60B4FF",
"versionEndIncluding": "2.0.29",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*",
"matchCriteriaId": "976E62F2-8B84-48A7-B4EF-0F0E3100BCF1",
"versionEndIncluding": "2.2.2",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A899D4D9-04D0-404E-95BA-BFA1874B1188",
"versionEndIncluding": "2.3.3",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F3142CD8-16DC-4298-A545-4BEDEBB3A20F",
"versionEndIncluding": "2.4.8",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:cd:*:*:*",
"matchCriteriaId": "E76199DF-C063-498D-99B1-61FCAF92BA28",
"versionEndIncluding": "3.1.3",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:sc2:*:*:*",
"matchCriteriaId": "18DDB9C6-C28D-4361-B302-99CE1D6C2D6C",
"versionEndIncluding": "3.2.12",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:cd:*:*:*",
"matchCriteriaId": "507191E3-2D47-4D43-A297-782706102362",
"versionEndIncluding": "3.5.3",
"versionStartIncluding": "3.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "FE86FF96-2C86-47A5-94BE-F17B271CA6BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:cd:*:*:*",
"matchCriteriaId": "5DC6415E-F0D0-4C47-B048-733DA4B18D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "FB341641-C8C5-400C-A158-B094250219C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "F2578B50-83A2-459E-92F2-154934422303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:cd:*:*:*",
"matchCriteriaId": "A2963DDF-4741-4FDB-A4CB-0350AA17F85D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "7E4C4E82-B26E-481B-856C-C89E03AEABA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.1:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "F281BB9F-7A08-4B7B-8CA6-30050FDA44DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.1:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "B2EDEDC5-307E-42D6-8539-5531BBC1A1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "4BA5C10C-6FCD-4C1A-958C-5B135EEE44F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "48CB9920-0517-4B3F-929D-E3CC5F4B4758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r2-eus:*:*:-:*:*:*",
"matchCriteriaId": "210B462C-AAE4-40B4-B79A-741ED9FF17BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r2-eus:*:*:lts:*:*:*",
"matchCriteriaId": "F149BAF2-76F4-49B2-A5F2-3E95F6A0473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.4:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "B2773684-AD9E-43BF-B98C-263C707632E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.4:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "6367B892-DE7D-4126-B787-CD380F28A35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "D838BD4B-B783-4BA8-841A-C8A3A0B8AC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "4F57BE44-C60D-4993-9F0C-777A66FDC1DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r2-eus:*:*:-:*:*:*",
"matchCriteriaId": "C450E6E2-C798-4E3C-8828-DCF4B9B226D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r2-eus:*:*:lts:*:*:*",
"matchCriteriaId": "1951D2BD-E9B9-481A-BA94-F162C4B1DBE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r3-eus:*:*:-:*:*:*",
"matchCriteriaId": "9835CC02-7B53-45A7-807C-828075C86B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r3-eus:*:*:lts:*:*:*",
"matchCriteriaId": "CCB17E4B-69D5-4CC3-B05B-DE3309878C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "E083CF51-92FF-44CE-8D5B-22C1AB182D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "9B9D879B-CDA6-4C97-B883-2208EFADB564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r2-eus:*:*:-:*:*:*",
"matchCriteriaId": "BE934985-CF87-4634-8241-513CA5BFAB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r2-eus:*:*:lts:*:*:*",
"matchCriteriaId": "02A0DBBD-2F23-4774-9036-8BAD2DE73116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r3-eus:*:*:-:*:*:*",
"matchCriteriaId": "A1339C21-9F4C-4B97-9BCF-1340193EE368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r3-eus:*:*:lts:*:*:*",
"matchCriteriaId": "2BE156B5-068D-4B25-980B-4DA9C1E224F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.3.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "7C65DE89-E341-4524-8D28-821533422A86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.3.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "76C05B9D-4F94-4A5C-9F4B-610366C5D14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.4.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "77B98598-1AAF-41B7-B6F2-C6FCD04880AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.4.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "D2331F4E-1DD2-423F-A1A3-9BF0FCD1CA47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "586E8711-3259-4435-B1A7-D1DDD04A0723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "D18AE8A2-1041-46E7-AD07-FCBC4A0688B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "11AE07D3-163B-4724-ABE0-6344E118818D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r2:*:*:lts:*:*:*",
"matchCriteriaId": "4F6A7891-8592-4926-AAFE-AADE36BBE3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r3:*:*:-:*:*:*",
"matchCriteriaId": "A11A9BC9-C446-4BB7-82B3-A1201B039EAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r3:*:*:lts:*:*:*",
"matchCriteriaId": "080D987D-5DBE-4C7E-8164-272D37C0FCCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "F0F8EE01-9E25-4E04-85A3-7029645A329D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "82E0B6C6-762B-4D52-BBA9-006B57772BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "CCD405D8-4163-4B85-8502-A2B80A7CB71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r2:*:*:lts:*:*:*",
"matchCriteriaId": "77C03044-A3C8-4ADC-B61F-CA054E177221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r3:*:*:-:*:*:*",
"matchCriteriaId": "0DBCE2E5-254B-4B41-BCAD-466BB433E8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r3:*:*:lts:*:*:*",
"matchCriteriaId": "DA7FA2E5-2D11-4633-92DE-BA329BE44C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "054ED344-6EB3-4087-99B6-23C9EACD45DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r1:*:*:lts:*:*:*",
"matchCriteriaId": "6C596A8A-41CD-4C6C-84B9-655AB7B41D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r2:*:*:-:*:*:*",
"matchCriteriaId": "B50A95CC-DCD0-434A-AA9B-845ADCB16BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r2:*:*:lts:*:*:*",
"matchCriteriaId": "D5807742-6617-4AE2-8B4D-B3D33C56934A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r3:*:*:-:*:*:*",
"matchCriteriaId": "C58C239B-65AB-4949-ADC4-26F6BCF03493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r3:*:*:lts:*:*:*",
"matchCriteriaId": "5166CBFE-E521-4B45-9C27-323B3688801A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r4:*:*:-:*:*:*",
"matchCriteriaId": "E75C5767-493E-4F8F-AD2A-A59B1894CE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r4:*:*:lts:*:*:*",
"matchCriteriaId": "18E2DDBC-A37B-47E4-84CF-7F043B311928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.3:r1:*:*:-:*:*:*",
"matchCriteriaId": "AFCFBA66-3384-4CF2-A9C3-D68C920F0254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.3:r1:*:*:lts:*:*:*",
"matchCriteriaId": "7A89FD40-EA4A-4BEF-8E68-81985E5472CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r1:*:*:-:*:*:*",
"matchCriteriaId": "1286A3D6-6714-4E07-AFCF-99DE4749E60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r1:*:*:lts:*:*:*",
"matchCriteriaId": "9C56648F-18DA-4BD3-86E7-6EF2AB9978F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r2:*:*:-:*:*:*",
"matchCriteriaId": "E8F12C0D-6044-4E2F-A782-D98D60004358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r2:*:*:lts:*:*:*",
"matchCriteriaId": "FBA1CDBA-76BB-4661-8BF6-B73B8557DD9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r1:*:*:-:*:*:*",
"matchCriteriaId": "4FEC8928-0DB6-4228-92B1-9BC001BF5816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r1:*:*:lts:*:*:*",
"matchCriteriaId": "65CDB64E-B60B-44BB-9C4A-D064E7F892B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r2:*:*:-:*:*:*",
"matchCriteriaId": "DF1225D6-89B2-4AF7-97AA-812E56607432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r2:*:*:lts:*:*:*",
"matchCriteriaId": "95CE7C9D-839E-47EF-949B-074285DDAD74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r3:*:*:-:*:*:*",
"matchCriteriaId": "4FD1C341-8009-4906-961E-0B8B0A96E6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r3:*:*:lts:*:*:*",
"matchCriteriaId": "D428D220-0F00-44F3-9243-CD2D597AD0DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.6:r1:*:*:-:*:*:*",
"matchCriteriaId": "1AFE6CD8-1A7D-460E-986E-9F31525CB1B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.6:r1:*:*:lts:*:*:*",
"matchCriteriaId": "0CB302B8-F9DA-41DE-A2AD-C82601677BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.10:r1:*:*:lts:*:*:*",
"matchCriteriaId": "9039EF3F-8AE0-40AC-B1E8-D412E548BB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.10:r2:*:*:lts:*:*:*",
"matchCriteriaId": "B27B123C-603C-47E8-BCAB-CD0C21083639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.11:r1:*:*:lts:*:*:*",
"matchCriteriaId": "B4F3B9A6-0A28-457B-A81F-ADBAEC073A85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.11:r2:*:*:lts:*:*:*",
"matchCriteriaId": "49653FF2-5930-419F-A144-2D4844336EB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.15:r1:*:*:lts:*:*:*",
"matchCriteriaId": "B2663B1F-4FC4-4107-9826-99BAA7FB3AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.16:r1:*:*:lts:*:*:*",
"matchCriteriaId": "096CFD86-359A-4B6F-A532-FDFFD31D922C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.16:r2:*:*:lts:*:*:*",
"matchCriteriaId": "2342CC92-8694-4C58-83E5-43809B1D62F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r1:*:*:lts:*:*:*",
"matchCriteriaId": "78B41AA5-63D9-47A8-A7A8-AAA173923DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r2:*:*:lts:*:*:*",
"matchCriteriaId": "6661AC57-6AF4-4334-A82A-C8F69170CBFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r3:*:*:lts:*:*:*",
"matchCriteriaId": "30BF81E9-4538-4018-9506-BB2A406463ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.20:r1:*:*:lts:*:*:*",
"matchCriteriaId": "F48F829C-DE92-4153-BEC1-618F0544B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.20:r2:*:*:lts:*:*:*",
"matchCriteriaId": "556A2A93-8707-4C39-86E7-66392B05B3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r1:*:*:lts:*:*:*",
"matchCriteriaId": "0E5B52E8-F7FB-4D2B-B5EA-0F1C77D09BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r2:*:*:lts:*:*:*",
"matchCriteriaId": "63585F59-55B6-402A-975C-2427A925632B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r3:*:*:lts:*:*:*",
"matchCriteriaId": "2172F814-8E7C-4048-B62E-1932A6177468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.25:r1:*:*:lts:*:*:*",
"matchCriteriaId": "54793923-444F-4196-AE5C-B54DDF08EC0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "271ACED8-48D7-44C8-888A-45BE5B2B7239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "B196C227-3F7F-4C8C-AECC-3171E291AB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.0:r3:*:*:-:*:*:*",
"matchCriteriaId": "9B4BB16D-106B-435A-9090-5E14225F7D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "482FD0F0-4C26-4182-A122-150D37FA0FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "B0F010DC-F86C-4B19-BF27-3ACCD5B65EC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "D57CCD9C-0310-4B29-AEB5-B9C3BCF84BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "1C0BC3BC-47DE-4472-B869-A5BB21F1241A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.1:r2:*:*:-:*:*:*",
"matchCriteriaId": "3C836DF9-402D-4492-848C-8CABECCEBF46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "E57BB02E-92A2-4C31-AEBA-220AC2B52139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "B0ED267C-F4F5-4F3D-B9D1-DEFC18E577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "B0B46455-A3B3-46B9-B023-9C40999EC887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.1:r2:*:*:-:*:*:*",
"matchCriteriaId": "BDB7F6E0-D7BB-4239-9BB6-CC538AFCC9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.2:r1:*:*:-:*:*:*",
"matchCriteriaId": "38B60909-E70D-45A1-B95F-0AC902DBF2AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.2:r2:*:*:-:*:*:*",
"matchCriteriaId": "DC13C717-8DF5-47B0-89C3-6E9F4C27865A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.2:r3:*:*:-:*:*:*",
"matchCriteriaId": "90854BD5-8939-4602-A7FF-3F1060B91B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.3:r1:*:*:-:*:*:*",
"matchCriteriaId": "8E1859F6-F032-4BBB-B697-537E1AE08CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.3:r2:*:*:-:*:*:*",
"matchCriteriaId": "D261EABB-12C7-4853-B8D2-1F7A0787934C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.4.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "82B2A6C2-8A96-44B9-AE44-CD03F4F1A348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.4.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "63DEF1FF-1209-4FE8-820A-614BC03A03B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "2396F8A8-9FAF-42B1-9404-9CABC7DAC27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.0:r2:*:*:cd:*:*:*",
"matchCriteriaId": "848DA8F1-EF5E-4DBC-A1BB-1D39A2900726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "CAA1B613-6F57-4300-A531-053B57DFAD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.1:r2:*:*:cd:*:*:*",
"matchCriteriaId": "D79890E9-E12B-42B3-90D3-1E262C9E2C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "080C6975-1041-4BBB-AAFB-DE2D141BBE90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r2:*:*:lts:*:*:*",
"matchCriteriaId": "54B19F39-5F7E-416A-AE4C-EEC04A6CA5D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r3:*:*:lts:*:*:*",
"matchCriteriaId": "594B6DB4-D871-4913-BCAD-1310FB51A249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.5:r1:*:*:lts:*:*:*",
"matchCriteriaId": "AD168932-0567-4E7E-A6C6-2467D2A90496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.5:r2:*:*:lts:*:*:*",
"matchCriteriaId": "4B61796D-B50D-4D3D-9618-8070A8B12AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.6:r1:*:*:sc2:*:*:*",
"matchCriteriaId": "CF0D971B-CC71-4A7A-97A3-87D031F76C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.6:r2:*:*:sc2:*:*:*",
"matchCriteriaId": "C9B9FE2C-E27A-468A-BEE2-7DC2DE3BE67D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.7:r1:*:*:sc2:*:*:*",
"matchCriteriaId": "D11E13D1-FE9C-456B-85F3-C5A8B66074E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.10:r1:*:*:sc2:*:*:*",
"matchCriteriaId": "F4B616A8-73DE-4AB8-AD2D-3DC7E28AD5F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.10:r2:*:*:sc2:*:*:*",
"matchCriteriaId": "2F942CCF-1A4C-4B08-B3D2-8003BD4DB8F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.11:r1:*:*:sc2:*:*:*",
"matchCriteriaId": "46B69936-F207-4F6F-A657-838151F381FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.11:r2:*:*:sc2:*:*:*",
"matchCriteriaId": "6155E304-339A-4228-B10F-E5FEFB9AB77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "40A8768A-172A-4AA4-871D-4A4E0CB68B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.0:r2:*:*:cd:*:*:*",
"matchCriteriaId": "A72A89EE-6CD8-408F-B76F-98F106308322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "19D9B726-0FF1-4566-9649-373E542F51E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "A065A567-AC6A-483B-87B6-0E41DB9B447E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.0:r2:*:*:cd:*:*:*",
"matchCriteriaId": "46627889-BFEE-4B45-912F-E4C32C48E1FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "B785F246-B526-4C0A-A0E2-6C84B1C2510F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.1:r2:*:*:cd:*:*:*",
"matchCriteriaId": "69C2278D-C649-44E0-8D55-96A379853354",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions."
},
{
"lang": "es",
"value": "IBM MQ Operator LTS 2.0.0 a 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 a 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 a 3.5.3 y MQ Operator SC2 3.2.0 a 3.2.12 Native HA CRR podr\u00edan configurarse con una clave privada y una cadena distinta a la clave prevista, lo que podr\u00eda revelar informaci\u00f3n confidencial o permitir que el atacante realice acciones no autorizadas."
}
],
"id": "CVE-2025-36041",
"lastModified": "2025-08-22T18:33:01.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 4.2,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-15T13:15:33.177",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7236608"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-27365
Vulnerability from fkie_nvd - Published: 2025-05-01 22:15 - Updated: 2025-08-25 17:25
Severity ?
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10
Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7232272 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7AFB54D-40A4-4F84-AFFF-CB281A60B4FF",
"versionEndIncluding": "2.0.29",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*",
"matchCriteriaId": "976E62F2-8B84-48A7-B4EF-0F0E3100BCF1",
"versionEndIncluding": "2.2.2",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A899D4D9-04D0-404E-95BA-BFA1874B1188",
"versionEndIncluding": "2.3.3",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F3142CD8-16DC-4298-A545-4BEDEBB3A20F",
"versionEndIncluding": "2.4.8",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:cd:*:*:*",
"matchCriteriaId": "E76199DF-C063-498D-99B1-61FCAF92BA28",
"versionEndIncluding": "3.1.3",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:sc2:*:*:*",
"matchCriteriaId": "B53344B7-AF2D-4D7F-95D3-026441B671C8",
"versionEndIncluding": "3.2.10",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "FE86FF96-2C86-47A5-94BE-F17B271CA6BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:cd:*:*:*",
"matchCriteriaId": "5DC6415E-F0D0-4C47-B048-733DA4B18D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "FB341641-C8C5-400C-A158-B094250219C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "F2578B50-83A2-459E-92F2-154934422303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:cd:*:*:*",
"matchCriteriaId": "A2963DDF-4741-4FDB-A4CB-0350AA17F85D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "7E4C4E82-B26E-481B-856C-C89E03AEABA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:cd:*:*:*",
"matchCriteriaId": "2B7E5396-E067-449F-8CE7-AC3B6432DA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.1:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "F281BB9F-7A08-4B7B-8CA6-30050FDA44DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.1:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "B2EDEDC5-307E-42D6-8539-5531BBC1A1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "4BA5C10C-6FCD-4C1A-958C-5B135EEE44F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "48CB9920-0517-4B3F-929D-E3CC5F4B4758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r2-eus:*:*:-:*:*:*",
"matchCriteriaId": "210B462C-AAE4-40B4-B79A-741ED9FF17BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r2-eus:*:*:lts:*:*:*",
"matchCriteriaId": "F149BAF2-76F4-49B2-A5F2-3E95F6A0473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.4:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "B2773684-AD9E-43BF-B98C-263C707632E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.4:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "6367B892-DE7D-4126-B787-CD380F28A35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "D838BD4B-B783-4BA8-841A-C8A3A0B8AC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "4F57BE44-C60D-4993-9F0C-777A66FDC1DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r2-eus:*:*:-:*:*:*",
"matchCriteriaId": "C450E6E2-C798-4E3C-8828-DCF4B9B226D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r2-eus:*:*:lts:*:*:*",
"matchCriteriaId": "1951D2BD-E9B9-481A-BA94-F162C4B1DBE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r3-eus:*:*:-:*:*:*",
"matchCriteriaId": "9835CC02-7B53-45A7-807C-828075C86B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r3-eus:*:*:lts:*:*:*",
"matchCriteriaId": "CCB17E4B-69D5-4CC3-B05B-DE3309878C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "E083CF51-92FF-44CE-8D5B-22C1AB182D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "9B9D879B-CDA6-4C97-B883-2208EFADB564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r2-eus:*:*:-:*:*:*",
"matchCriteriaId": "BE934985-CF87-4634-8241-513CA5BFAB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r2-eus:*:*:lts:*:*:*",
"matchCriteriaId": "02A0DBBD-2F23-4774-9036-8BAD2DE73116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r3-eus:*:*:-:*:*:*",
"matchCriteriaId": "A1339C21-9F4C-4B97-9BCF-1340193EE368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r3-eus:*:*:lts:*:*:*",
"matchCriteriaId": "2BE156B5-068D-4B25-980B-4DA9C1E224F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.3.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "7C65DE89-E341-4524-8D28-821533422A86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.3.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "76C05B9D-4F94-4A5C-9F4B-610366C5D14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.4.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "77B98598-1AAF-41B7-B6F2-C6FCD04880AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.4.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "D2331F4E-1DD2-423F-A1A3-9BF0FCD1CA47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "586E8711-3259-4435-B1A7-D1DDD04A0723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "D18AE8A2-1041-46E7-AD07-FCBC4A0688B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "11AE07D3-163B-4724-ABE0-6344E118818D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r2:*:*:lts:*:*:*",
"matchCriteriaId": "4F6A7891-8592-4926-AAFE-AADE36BBE3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r3:*:*:-:*:*:*",
"matchCriteriaId": "A11A9BC9-C446-4BB7-82B3-A1201B039EAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r3:*:*:lts:*:*:*",
"matchCriteriaId": "080D987D-5DBE-4C7E-8164-272D37C0FCCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "F0F8EE01-9E25-4E04-85A3-7029645A329D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "82E0B6C6-762B-4D52-BBA9-006B57772BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "CCD405D8-4163-4B85-8502-A2B80A7CB71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r2:*:*:lts:*:*:*",
"matchCriteriaId": "77C03044-A3C8-4ADC-B61F-CA054E177221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r3:*:*:-:*:*:*",
"matchCriteriaId": "0DBCE2E5-254B-4B41-BCAD-466BB433E8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r3:*:*:lts:*:*:*",
"matchCriteriaId": "DA7FA2E5-2D11-4633-92DE-BA329BE44C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "054ED344-6EB3-4087-99B6-23C9EACD45DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r1:*:*:lts:*:*:*",
"matchCriteriaId": "6C596A8A-41CD-4C6C-84B9-655AB7B41D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r2:*:*:-:*:*:*",
"matchCriteriaId": "B50A95CC-DCD0-434A-AA9B-845ADCB16BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r2:*:*:lts:*:*:*",
"matchCriteriaId": "D5807742-6617-4AE2-8B4D-B3D33C56934A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r3:*:*:-:*:*:*",
"matchCriteriaId": "C58C239B-65AB-4949-ADC4-26F6BCF03493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r3:*:*:lts:*:*:*",
"matchCriteriaId": "5166CBFE-E521-4B45-9C27-323B3688801A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r4:*:*:-:*:*:*",
"matchCriteriaId": "E75C5767-493E-4F8F-AD2A-A59B1894CE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r4:*:*:lts:*:*:*",
"matchCriteriaId": "18E2DDBC-A37B-47E4-84CF-7F043B311928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.3:r1:*:*:-:*:*:*",
"matchCriteriaId": "AFCFBA66-3384-4CF2-A9C3-D68C920F0254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.3:r1:*:*:lts:*:*:*",
"matchCriteriaId": "7A89FD40-EA4A-4BEF-8E68-81985E5472CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r1:*:*:-:*:*:*",
"matchCriteriaId": "1286A3D6-6714-4E07-AFCF-99DE4749E60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r1:*:*:lts:*:*:*",
"matchCriteriaId": "9C56648F-18DA-4BD3-86E7-6EF2AB9978F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r2:*:*:-:*:*:*",
"matchCriteriaId": "E8F12C0D-6044-4E2F-A782-D98D60004358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r2:*:*:lts:*:*:*",
"matchCriteriaId": "FBA1CDBA-76BB-4661-8BF6-B73B8557DD9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r1:*:*:-:*:*:*",
"matchCriteriaId": "4FEC8928-0DB6-4228-92B1-9BC001BF5816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r1:*:*:lts:*:*:*",
"matchCriteriaId": "65CDB64E-B60B-44BB-9C4A-D064E7F892B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r2:*:*:-:*:*:*",
"matchCriteriaId": "DF1225D6-89B2-4AF7-97AA-812E56607432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r2:*:*:lts:*:*:*",
"matchCriteriaId": "95CE7C9D-839E-47EF-949B-074285DDAD74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r3:*:*:-:*:*:*",
"matchCriteriaId": "4FD1C341-8009-4906-961E-0B8B0A96E6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r3:*:*:lts:*:*:*",
"matchCriteriaId": "D428D220-0F00-44F3-9243-CD2D597AD0DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.6:r1:*:*:-:*:*:*",
"matchCriteriaId": "1AFE6CD8-1A7D-460E-986E-9F31525CB1B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.6:r1:*:*:lts:*:*:*",
"matchCriteriaId": "0CB302B8-F9DA-41DE-A2AD-C82601677BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.10:r1:*:*:lts:*:*:*",
"matchCriteriaId": "9039EF3F-8AE0-40AC-B1E8-D412E548BB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.10:r2:*:*:lts:*:*:*",
"matchCriteriaId": "B27B123C-603C-47E8-BCAB-CD0C21083639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.11:r1:*:*:lts:*:*:*",
"matchCriteriaId": "B4F3B9A6-0A28-457B-A81F-ADBAEC073A85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.11:r2:*:*:lts:*:*:*",
"matchCriteriaId": "49653FF2-5930-419F-A144-2D4844336EB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.15:r1:*:*:lts:*:*:*",
"matchCriteriaId": "B2663B1F-4FC4-4107-9826-99BAA7FB3AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.16:r1:*:*:lts:*:*:*",
"matchCriteriaId": "096CFD86-359A-4B6F-A532-FDFFD31D922C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.16:r2:*:*:lts:*:*:*",
"matchCriteriaId": "2342CC92-8694-4C58-83E5-43809B1D62F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r1:*:*:lts:*:*:*",
"matchCriteriaId": "78B41AA5-63D9-47A8-A7A8-AAA173923DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r2:*:*:lts:*:*:*",
"matchCriteriaId": "6661AC57-6AF4-4334-A82A-C8F69170CBFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r3:*:*:lts:*:*:*",
"matchCriteriaId": "30BF81E9-4538-4018-9506-BB2A406463ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.20:r1:*:*:lts:*:*:*",
"matchCriteriaId": "F48F829C-DE92-4153-BEC1-618F0544B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.20:r2:*:*:lts:*:*:*",
"matchCriteriaId": "556A2A93-8707-4C39-86E7-66392B05B3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r1:*:*:lts:*:*:*",
"matchCriteriaId": "0E5B52E8-F7FB-4D2B-B5EA-0F1C77D09BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r2:*:*:lts:*:*:*",
"matchCriteriaId": "63585F59-55B6-402A-975C-2427A925632B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r3:*:*:lts:*:*:*",
"matchCriteriaId": "2172F814-8E7C-4048-B62E-1932A6177468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.25:r1:*:*:lts:*:*:*",
"matchCriteriaId": "54793923-444F-4196-AE5C-B54DDF08EC0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "271ACED8-48D7-44C8-888A-45BE5B2B7239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "B196C227-3F7F-4C8C-AECC-3171E291AB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.0:r3:*:*:-:*:*:*",
"matchCriteriaId": "9B4BB16D-106B-435A-9090-5E14225F7D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "482FD0F0-4C26-4182-A122-150D37FA0FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "B0F010DC-F86C-4B19-BF27-3ACCD5B65EC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "D57CCD9C-0310-4B29-AEB5-B9C3BCF84BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "1C0BC3BC-47DE-4472-B869-A5BB21F1241A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.1:r2:*:*:-:*:*:*",
"matchCriteriaId": "3C836DF9-402D-4492-848C-8CABECCEBF46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "E57BB02E-92A2-4C31-AEBA-220AC2B52139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "B0ED267C-F4F5-4F3D-B9D1-DEFC18E577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "B0B46455-A3B3-46B9-B023-9C40999EC887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.1:r2:*:*:-:*:*:*",
"matchCriteriaId": "BDB7F6E0-D7BB-4239-9BB6-CC538AFCC9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.2:r1:*:*:-:*:*:*",
"matchCriteriaId": "38B60909-E70D-45A1-B95F-0AC902DBF2AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.2:r2:*:*:-:*:*:*",
"matchCriteriaId": "DC13C717-8DF5-47B0-89C3-6E9F4C27865A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.2:r3:*:*:-:*:*:*",
"matchCriteriaId": "90854BD5-8939-4602-A7FF-3F1060B91B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.3:r1:*:*:-:*:*:*",
"matchCriteriaId": "8E1859F6-F032-4BBB-B697-537E1AE08CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.3:r2:*:*:-:*:*:*",
"matchCriteriaId": "D261EABB-12C7-4853-B8D2-1F7A0787934C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.4.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "82B2A6C2-8A96-44B9-AE44-CD03F4F1A348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.4.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "63DEF1FF-1209-4FE8-820A-614BC03A03B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "2396F8A8-9FAF-42B1-9404-9CABC7DAC27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.0:r2:*:*:cd:*:*:*",
"matchCriteriaId": "848DA8F1-EF5E-4DBC-A1BB-1D39A2900726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "CAA1B613-6F57-4300-A531-053B57DFAD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.1:r2:*:*:cd:*:*:*",
"matchCriteriaId": "D79890E9-E12B-42B3-90D3-1E262C9E2C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "080C6975-1041-4BBB-AAFB-DE2D141BBE90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r2:*:*:lts:*:*:*",
"matchCriteriaId": "54B19F39-5F7E-416A-AE4C-EEC04A6CA5D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r3:*:*:lts:*:*:*",
"matchCriteriaId": "594B6DB4-D871-4913-BCAD-1310FB51A249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.5:r1:*:*:lts:*:*:*",
"matchCriteriaId": "AD168932-0567-4E7E-A6C6-2467D2A90496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.5:r2:*:*:lts:*:*:*",
"matchCriteriaId": "4B61796D-B50D-4D3D-9618-8070A8B12AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.6:r1:*:*:lts:*:*:*",
"matchCriteriaId": "977C6C07-A43D-4764-9106-2C710A5426EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.6:r2:*:*:lts:*:*:*",
"matchCriteriaId": "C3A5FF85-F888-4791-9684-8120B0967604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.7:r1:*:*:lts:*:*:*",
"matchCriteriaId": "1DEFC847-C305-4DA5-8A4A-4734079E180E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.10:r1:*:*:lts:*:*:*",
"matchCriteriaId": "D5191C70-5BBA-43EB-B7C6-F9103D600833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.10:r2:*:*:lts:*:*:*",
"matchCriteriaId": "6D036FDA-2054-4E79-A947-C6021E5C8779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "40A8768A-172A-4AA4-871D-4A4E0CB68B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.0:r2:*:*:cd:*:*:*",
"matchCriteriaId": "A72A89EE-6CD8-408F-B76F-98F106308322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "19D9B726-0FF1-4566-9649-373E542F51E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "A065A567-AC6A-483B-87B6-0E41DB9B447E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.0:r2:*:*:cd:*:*:*",
"matchCriteriaId": "46627889-BFEE-4B45-912F-E4C32C48E1FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10\u00a0\n\nClient connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."
},
{
"lang": "es",
"value": "Los clientes de IBM MQ Operator LTS 2.0.0 a 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 a 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 y MQ Operator SC2 3.2.0 a 3.2.10 que se conectan a un gestor de colas de MQ pueden provocar un SIGSEGV en el proceso del canal AMQRMPPA que lo finalice."
}
],
"id": "CVE-2025-27365",
"lastModified": "2025-08-25T17:25:34.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
},
"published": "2025-05-01T22:15:17.500",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7232272"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-1333
Vulnerability from fkie_nvd - Published: 2025-05-01 22:15 - Updated: 2025-08-25 17:27
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7232272 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7AFB54D-40A4-4F84-AFFF-CB281A60B4FF",
"versionEndIncluding": "2.0.29",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*",
"matchCriteriaId": "976E62F2-8B84-48A7-B4EF-0F0E3100BCF1",
"versionEndIncluding": "2.2.2",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A899D4D9-04D0-404E-95BA-BFA1874B1188",
"versionEndIncluding": "2.3.3",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F3142CD8-16DC-4298-A545-4BEDEBB3A20F",
"versionEndIncluding": "2.4.8",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:cd:*:*:*",
"matchCriteriaId": "E76199DF-C063-498D-99B1-61FCAF92BA28",
"versionEndIncluding": "3.1.3",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:sc2:*:*:*",
"matchCriteriaId": "B53344B7-AF2D-4D7F-95D3-026441B671C8",
"versionEndIncluding": "3.2.10",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "FE86FF96-2C86-47A5-94BE-F17B271CA6BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:cd:*:*:*",
"matchCriteriaId": "5DC6415E-F0D0-4C47-B048-733DA4B18D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "FB341641-C8C5-400C-A158-B094250219C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "F2578B50-83A2-459E-92F2-154934422303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:cd:*:*:*",
"matchCriteriaId": "A2963DDF-4741-4FDB-A4CB-0350AA17F85D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "7E4C4E82-B26E-481B-856C-C89E03AEABA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:cd:*:*:*",
"matchCriteriaId": "2B7E5396-E067-449F-8CE7-AC3B6432DA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.1:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "F281BB9F-7A08-4B7B-8CA6-30050FDA44DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.1:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "B2EDEDC5-307E-42D6-8539-5531BBC1A1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "4BA5C10C-6FCD-4C1A-958C-5B135EEE44F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "48CB9920-0517-4B3F-929D-E3CC5F4B4758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r2-eus:*:*:-:*:*:*",
"matchCriteriaId": "210B462C-AAE4-40B4-B79A-741ED9FF17BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r2-eus:*:*:lts:*:*:*",
"matchCriteriaId": "F149BAF2-76F4-49B2-A5F2-3E95F6A0473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.4:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "B2773684-AD9E-43BF-B98C-263C707632E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.4:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "6367B892-DE7D-4126-B787-CD380F28A35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "D838BD4B-B783-4BA8-841A-C8A3A0B8AC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "4F57BE44-C60D-4993-9F0C-777A66FDC1DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r2-eus:*:*:-:*:*:*",
"matchCriteriaId": "C450E6E2-C798-4E3C-8828-DCF4B9B226D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r2-eus:*:*:lts:*:*:*",
"matchCriteriaId": "1951D2BD-E9B9-481A-BA94-F162C4B1DBE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r3-eus:*:*:-:*:*:*",
"matchCriteriaId": "9835CC02-7B53-45A7-807C-828075C86B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r3-eus:*:*:lts:*:*:*",
"matchCriteriaId": "CCB17E4B-69D5-4CC3-B05B-DE3309878C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "E083CF51-92FF-44CE-8D5B-22C1AB182D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "9B9D879B-CDA6-4C97-B883-2208EFADB564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r2-eus:*:*:-:*:*:*",
"matchCriteriaId": "BE934985-CF87-4634-8241-513CA5BFAB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r2-eus:*:*:lts:*:*:*",
"matchCriteriaId": "02A0DBBD-2F23-4774-9036-8BAD2DE73116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r3-eus:*:*:-:*:*:*",
"matchCriteriaId": "A1339C21-9F4C-4B97-9BCF-1340193EE368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r3-eus:*:*:lts:*:*:*",
"matchCriteriaId": "2BE156B5-068D-4B25-980B-4DA9C1E224F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.3.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "7C65DE89-E341-4524-8D28-821533422A86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.3.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "76C05B9D-4F94-4A5C-9F4B-610366C5D14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.4.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "77B98598-1AAF-41B7-B6F2-C6FCD04880AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.4.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "D2331F4E-1DD2-423F-A1A3-9BF0FCD1CA47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "586E8711-3259-4435-B1A7-D1DDD04A0723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "D18AE8A2-1041-46E7-AD07-FCBC4A0688B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "11AE07D3-163B-4724-ABE0-6344E118818D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r2:*:*:lts:*:*:*",
"matchCriteriaId": "4F6A7891-8592-4926-AAFE-AADE36BBE3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r3:*:*:-:*:*:*",
"matchCriteriaId": "A11A9BC9-C446-4BB7-82B3-A1201B039EAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r3:*:*:lts:*:*:*",
"matchCriteriaId": "080D987D-5DBE-4C7E-8164-272D37C0FCCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "F0F8EE01-9E25-4E04-85A3-7029645A329D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "82E0B6C6-762B-4D52-BBA9-006B57772BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "CCD405D8-4163-4B85-8502-A2B80A7CB71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r2:*:*:lts:*:*:*",
"matchCriteriaId": "77C03044-A3C8-4ADC-B61F-CA054E177221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r3:*:*:-:*:*:*",
"matchCriteriaId": "0DBCE2E5-254B-4B41-BCAD-466BB433E8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r3:*:*:lts:*:*:*",
"matchCriteriaId": "DA7FA2E5-2D11-4633-92DE-BA329BE44C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "054ED344-6EB3-4087-99B6-23C9EACD45DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r1:*:*:lts:*:*:*",
"matchCriteriaId": "6C596A8A-41CD-4C6C-84B9-655AB7B41D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r2:*:*:-:*:*:*",
"matchCriteriaId": "B50A95CC-DCD0-434A-AA9B-845ADCB16BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r2:*:*:lts:*:*:*",
"matchCriteriaId": "D5807742-6617-4AE2-8B4D-B3D33C56934A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r3:*:*:-:*:*:*",
"matchCriteriaId": "C58C239B-65AB-4949-ADC4-26F6BCF03493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r3:*:*:lts:*:*:*",
"matchCriteriaId": "5166CBFE-E521-4B45-9C27-323B3688801A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r4:*:*:-:*:*:*",
"matchCriteriaId": "E75C5767-493E-4F8F-AD2A-A59B1894CE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r4:*:*:lts:*:*:*",
"matchCriteriaId": "18E2DDBC-A37B-47E4-84CF-7F043B311928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.3:r1:*:*:-:*:*:*",
"matchCriteriaId": "AFCFBA66-3384-4CF2-A9C3-D68C920F0254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.3:r1:*:*:lts:*:*:*",
"matchCriteriaId": "7A89FD40-EA4A-4BEF-8E68-81985E5472CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r1:*:*:-:*:*:*",
"matchCriteriaId": "1286A3D6-6714-4E07-AFCF-99DE4749E60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r1:*:*:lts:*:*:*",
"matchCriteriaId": "9C56648F-18DA-4BD3-86E7-6EF2AB9978F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r2:*:*:-:*:*:*",
"matchCriteriaId": "E8F12C0D-6044-4E2F-A782-D98D60004358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r2:*:*:lts:*:*:*",
"matchCriteriaId": "FBA1CDBA-76BB-4661-8BF6-B73B8557DD9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r1:*:*:-:*:*:*",
"matchCriteriaId": "4FEC8928-0DB6-4228-92B1-9BC001BF5816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r1:*:*:lts:*:*:*",
"matchCriteriaId": "65CDB64E-B60B-44BB-9C4A-D064E7F892B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r2:*:*:-:*:*:*",
"matchCriteriaId": "DF1225D6-89B2-4AF7-97AA-812E56607432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r2:*:*:lts:*:*:*",
"matchCriteriaId": "95CE7C9D-839E-47EF-949B-074285DDAD74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r3:*:*:-:*:*:*",
"matchCriteriaId": "4FD1C341-8009-4906-961E-0B8B0A96E6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r3:*:*:lts:*:*:*",
"matchCriteriaId": "D428D220-0F00-44F3-9243-CD2D597AD0DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.6:r1:*:*:-:*:*:*",
"matchCriteriaId": "1AFE6CD8-1A7D-460E-986E-9F31525CB1B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.6:r1:*:*:lts:*:*:*",
"matchCriteriaId": "0CB302B8-F9DA-41DE-A2AD-C82601677BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.10:r1:*:*:lts:*:*:*",
"matchCriteriaId": "9039EF3F-8AE0-40AC-B1E8-D412E548BB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.10:r2:*:*:lts:*:*:*",
"matchCriteriaId": "B27B123C-603C-47E8-BCAB-CD0C21083639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.11:r1:*:*:lts:*:*:*",
"matchCriteriaId": "B4F3B9A6-0A28-457B-A81F-ADBAEC073A85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.11:r2:*:*:lts:*:*:*",
"matchCriteriaId": "49653FF2-5930-419F-A144-2D4844336EB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.15:r1:*:*:lts:*:*:*",
"matchCriteriaId": "B2663B1F-4FC4-4107-9826-99BAA7FB3AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.16:r1:*:*:lts:*:*:*",
"matchCriteriaId": "096CFD86-359A-4B6F-A532-FDFFD31D922C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.16:r2:*:*:lts:*:*:*",
"matchCriteriaId": "2342CC92-8694-4C58-83E5-43809B1D62F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r1:*:*:lts:*:*:*",
"matchCriteriaId": "78B41AA5-63D9-47A8-A7A8-AAA173923DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r2:*:*:lts:*:*:*",
"matchCriteriaId": "6661AC57-6AF4-4334-A82A-C8F69170CBFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r3:*:*:lts:*:*:*",
"matchCriteriaId": "30BF81E9-4538-4018-9506-BB2A406463ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.20:r1:*:*:lts:*:*:*",
"matchCriteriaId": "F48F829C-DE92-4153-BEC1-618F0544B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.20:r2:*:*:lts:*:*:*",
"matchCriteriaId": "556A2A93-8707-4C39-86E7-66392B05B3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r1:*:*:lts:*:*:*",
"matchCriteriaId": "0E5B52E8-F7FB-4D2B-B5EA-0F1C77D09BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r2:*:*:lts:*:*:*",
"matchCriteriaId": "63585F59-55B6-402A-975C-2427A925632B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r3:*:*:lts:*:*:*",
"matchCriteriaId": "2172F814-8E7C-4048-B62E-1932A6177468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.25:r1:*:*:lts:*:*:*",
"matchCriteriaId": "54793923-444F-4196-AE5C-B54DDF08EC0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "271ACED8-48D7-44C8-888A-45BE5B2B7239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "B196C227-3F7F-4C8C-AECC-3171E291AB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.0:r3:*:*:-:*:*:*",
"matchCriteriaId": "9B4BB16D-106B-435A-9090-5E14225F7D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "482FD0F0-4C26-4182-A122-150D37FA0FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "B0F010DC-F86C-4B19-BF27-3ACCD5B65EC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "D57CCD9C-0310-4B29-AEB5-B9C3BCF84BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "1C0BC3BC-47DE-4472-B869-A5BB21F1241A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.1:r2:*:*:-:*:*:*",
"matchCriteriaId": "3C836DF9-402D-4492-848C-8CABECCEBF46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "E57BB02E-92A2-4C31-AEBA-220AC2B52139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "B0ED267C-F4F5-4F3D-B9D1-DEFC18E577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "B0B46455-A3B3-46B9-B023-9C40999EC887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.1:r2:*:*:-:*:*:*",
"matchCriteriaId": "BDB7F6E0-D7BB-4239-9BB6-CC538AFCC9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.2:r1:*:*:-:*:*:*",
"matchCriteriaId": "38B60909-E70D-45A1-B95F-0AC902DBF2AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.2:r2:*:*:-:*:*:*",
"matchCriteriaId": "DC13C717-8DF5-47B0-89C3-6E9F4C27865A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.2:r3:*:*:-:*:*:*",
"matchCriteriaId": "90854BD5-8939-4602-A7FF-3F1060B91B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.3:r1:*:*:-:*:*:*",
"matchCriteriaId": "8E1859F6-F032-4BBB-B697-537E1AE08CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.3:r2:*:*:-:*:*:*",
"matchCriteriaId": "D261EABB-12C7-4853-B8D2-1F7A0787934C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.4.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "82B2A6C2-8A96-44B9-AE44-CD03F4F1A348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.4.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "63DEF1FF-1209-4FE8-820A-614BC03A03B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "2396F8A8-9FAF-42B1-9404-9CABC7DAC27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.0:r2:*:*:cd:*:*:*",
"matchCriteriaId": "848DA8F1-EF5E-4DBC-A1BB-1D39A2900726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "CAA1B613-6F57-4300-A531-053B57DFAD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.1:r2:*:*:cd:*:*:*",
"matchCriteriaId": "D79890E9-E12B-42B3-90D3-1E262C9E2C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "080C6975-1041-4BBB-AAFB-DE2D141BBE90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r2:*:*:lts:*:*:*",
"matchCriteriaId": "54B19F39-5F7E-416A-AE4C-EEC04A6CA5D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r3:*:*:lts:*:*:*",
"matchCriteriaId": "594B6DB4-D871-4913-BCAD-1310FB51A249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.5:r1:*:*:lts:*:*:*",
"matchCriteriaId": "AD168932-0567-4E7E-A6C6-2467D2A90496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.5:r2:*:*:lts:*:*:*",
"matchCriteriaId": "4B61796D-B50D-4D3D-9618-8070A8B12AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.6:r1:*:*:lts:*:*:*",
"matchCriteriaId": "977C6C07-A43D-4764-9106-2C710A5426EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.6:r2:*:*:lts:*:*:*",
"matchCriteriaId": "C3A5FF85-F888-4791-9684-8120B0967604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.7:r1:*:*:lts:*:*:*",
"matchCriteriaId": "1DEFC847-C305-4DA5-8A4A-4734079E180E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.10:r1:*:*:lts:*:*:*",
"matchCriteriaId": "D5191C70-5BBA-43EB-B7C6-F9103D600833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.10:r2:*:*:lts:*:*:*",
"matchCriteriaId": "6D036FDA-2054-4E79-A947-C6021E5C8779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "40A8768A-172A-4AA4-871D-4A4E0CB68B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.0:r2:*:*:cd:*:*:*",
"matchCriteriaId": "A72A89EE-6CD8-408F-B76F-98F106308322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "19D9B726-0FF1-4566-9649-373E542F51E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "A065A567-AC6A-483B-87B6-0E41DB9B447E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.0:r2:*:*:cd:*:*:*",
"matchCriteriaId": "46627889-BFEE-4B45-912F-E4C32C48E1FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user."
},
{
"lang": "es",
"value": "IBM MQ Container cuando se utiliza con IBM MQ Operator LTS 2.0.0 a 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 a 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 y MQ Operator SC2 3.2.0 a 3.2.10 y se configura con Cloud Pak for Integration Keycloak podr\u00eda divulgar informaci\u00f3n confidencial a un usuario privilegiado."
}
],
"id": "CVE-2025-1333",
"lastModified": "2025-08-25T17:27:30.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-01T22:15:16.657",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7232272"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-214"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-27256
Vulnerability from fkie_nvd - Published: 2025-01-27 17:15 - Updated: 2025-08-18 18:17
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7157667 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "58DEDE23-06F7-499B-87CB-662908E7B494",
"versionEndIncluding": "2.0.22",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*",
"matchCriteriaId": "976E62F2-8B84-48A7-B4EF-0F0E3100BCF1",
"versionEndIncluding": "2.2.2",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A899D4D9-04D0-404E-95BA-BFA1874B1188",
"versionEndIncluding": "2.3.3",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F3142CD8-16DC-4298-A545-4BEDEBB3A20F",
"versionEndIncluding": "2.4.8",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:cd:*:*:*",
"matchCriteriaId": "E76199DF-C063-498D-99B1-61FCAF92BA28",
"versionEndIncluding": "3.1.3",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "FE86FF96-2C86-47A5-94BE-F17B271CA6BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:cd:*:*:*",
"matchCriteriaId": "5DC6415E-F0D0-4C47-B048-733DA4B18D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.1:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "F281BB9F-7A08-4B7B-8CA6-30050FDA44DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.1:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "B2EDEDC5-307E-42D6-8539-5531BBC1A1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "4BA5C10C-6FCD-4C1A-958C-5B135EEE44F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "48CB9920-0517-4B3F-929D-E3CC5F4B4758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r2-eus:*:*:-:*:*:*",
"matchCriteriaId": "210B462C-AAE4-40B4-B79A-741ED9FF17BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r2-eus:*:*:lts:*:*:*",
"matchCriteriaId": "F149BAF2-76F4-49B2-A5F2-3E95F6A0473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.4:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "B2773684-AD9E-43BF-B98C-263C707632E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.4:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "6367B892-DE7D-4126-B787-CD380F28A35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "D838BD4B-B783-4BA8-841A-C8A3A0B8AC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "4F57BE44-C60D-4993-9F0C-777A66FDC1DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r2-eus:*:*:-:*:*:*",
"matchCriteriaId": "C450E6E2-C798-4E3C-8828-DCF4B9B226D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r2-eus:*:*:lts:*:*:*",
"matchCriteriaId": "1951D2BD-E9B9-481A-BA94-F162C4B1DBE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r3-eus:*:*:-:*:*:*",
"matchCriteriaId": "9835CC02-7B53-45A7-807C-828075C86B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r3-eus:*:*:lts:*:*:*",
"matchCriteriaId": "CCB17E4B-69D5-4CC3-B05B-DE3309878C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "E083CF51-92FF-44CE-8D5B-22C1AB182D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "9B9D879B-CDA6-4C97-B883-2208EFADB564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r2-eus:*:*:-:*:*:*",
"matchCriteriaId": "BE934985-CF87-4634-8241-513CA5BFAB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r2-eus:*:*:lts:*:*:*",
"matchCriteriaId": "02A0DBBD-2F23-4774-9036-8BAD2DE73116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r3-eus:*:*:-:*:*:*",
"matchCriteriaId": "A1339C21-9F4C-4B97-9BCF-1340193EE368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r3-eus:*:*:lts:*:*:*",
"matchCriteriaId": "2BE156B5-068D-4B25-980B-4DA9C1E224F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.3.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "7C65DE89-E341-4524-8D28-821533422A86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.4.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "77B98598-1AAF-41B7-B6F2-C6FCD04880AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.4.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "D2331F4E-1DD2-423F-A1A3-9BF0FCD1CA47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "586E8711-3259-4435-B1A7-D1DDD04A0723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "D18AE8A2-1041-46E7-AD07-FCBC4A0688B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "11AE07D3-163B-4724-ABE0-6344E118818D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r2:*:*:lts:*:*:*",
"matchCriteriaId": "4F6A7891-8592-4926-AAFE-AADE36BBE3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r3:*:*:-:*:*:*",
"matchCriteriaId": "A11A9BC9-C446-4BB7-82B3-A1201B039EAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r3:*:*:lts:*:*:*",
"matchCriteriaId": "080D987D-5DBE-4C7E-8164-272D37C0FCCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "F0F8EE01-9E25-4E04-85A3-7029645A329D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "82E0B6C6-762B-4D52-BBA9-006B57772BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "CCD405D8-4163-4B85-8502-A2B80A7CB71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r2:*:*:lts:*:*:*",
"matchCriteriaId": "77C03044-A3C8-4ADC-B61F-CA054E177221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r3:*:*:-:*:*:*",
"matchCriteriaId": "0DBCE2E5-254B-4B41-BCAD-466BB433E8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r3:*:*:lts:*:*:*",
"matchCriteriaId": "DA7FA2E5-2D11-4633-92DE-BA329BE44C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "054ED344-6EB3-4087-99B6-23C9EACD45DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r1:*:*:lts:*:*:*",
"matchCriteriaId": "6C596A8A-41CD-4C6C-84B9-655AB7B41D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r2:*:*:-:*:*:*",
"matchCriteriaId": "B50A95CC-DCD0-434A-AA9B-845ADCB16BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r2:*:*:lts:*:*:*",
"matchCriteriaId": "D5807742-6617-4AE2-8B4D-B3D33C56934A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r3:*:*:-:*:*:*",
"matchCriteriaId": "C58C239B-65AB-4949-ADC4-26F6BCF03493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r3:*:*:lts:*:*:*",
"matchCriteriaId": "5166CBFE-E521-4B45-9C27-323B3688801A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r4:*:*:-:*:*:*",
"matchCriteriaId": "E75C5767-493E-4F8F-AD2A-A59B1894CE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r4:*:*:lts:*:*:*",
"matchCriteriaId": "18E2DDBC-A37B-47E4-84CF-7F043B311928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.3:r1:*:*:-:*:*:*",
"matchCriteriaId": "AFCFBA66-3384-4CF2-A9C3-D68C920F0254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.3:r1:*:*:lts:*:*:*",
"matchCriteriaId": "7A89FD40-EA4A-4BEF-8E68-81985E5472CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r1:*:*:-:*:*:*",
"matchCriteriaId": "1286A3D6-6714-4E07-AFCF-99DE4749E60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r1:*:*:lts:*:*:*",
"matchCriteriaId": "9C56648F-18DA-4BD3-86E7-6EF2AB9978F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r2:*:*:-:*:*:*",
"matchCriteriaId": "E8F12C0D-6044-4E2F-A782-D98D60004358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r2:*:*:lts:*:*:*",
"matchCriteriaId": "FBA1CDBA-76BB-4661-8BF6-B73B8557DD9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r1:*:*:-:*:*:*",
"matchCriteriaId": "4FEC8928-0DB6-4228-92B1-9BC001BF5816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r1:*:*:lts:*:*:*",
"matchCriteriaId": "65CDB64E-B60B-44BB-9C4A-D064E7F892B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r2:*:*:-:*:*:*",
"matchCriteriaId": "DF1225D6-89B2-4AF7-97AA-812E56607432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r2:*:*:lts:*:*:*",
"matchCriteriaId": "95CE7C9D-839E-47EF-949B-074285DDAD74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r3:*:*:-:*:*:*",
"matchCriteriaId": "4FD1C341-8009-4906-961E-0B8B0A96E6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r3:*:*:lts:*:*:*",
"matchCriteriaId": "D428D220-0F00-44F3-9243-CD2D597AD0DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.6:r1:*:*:-:*:*:*",
"matchCriteriaId": "1AFE6CD8-1A7D-460E-986E-9F31525CB1B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.6:r1:*:*:lts:*:*:*",
"matchCriteriaId": "0CB302B8-F9DA-41DE-A2AD-C82601677BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.10:r1:*:*:lts:*:*:*",
"matchCriteriaId": "9039EF3F-8AE0-40AC-B1E8-D412E548BB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.10:r2:*:*:lts:*:*:*",
"matchCriteriaId": "B27B123C-603C-47E8-BCAB-CD0C21083639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.11:r1:*:*:lts:*:*:*",
"matchCriteriaId": "B4F3B9A6-0A28-457B-A81F-ADBAEC073A85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.11:r2:*:*:lts:*:*:*",
"matchCriteriaId": "49653FF2-5930-419F-A144-2D4844336EB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.15:r1:*:*:lts:*:*:*",
"matchCriteriaId": "B2663B1F-4FC4-4107-9826-99BAA7FB3AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.16:r1:*:*:lts:*:*:*",
"matchCriteriaId": "096CFD86-359A-4B6F-A532-FDFFD31D922C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.16:r2:*:*:lts:*:*:*",
"matchCriteriaId": "2342CC92-8694-4C58-83E5-43809B1D62F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r1:*:*:lts:*:*:*",
"matchCriteriaId": "78B41AA5-63D9-47A8-A7A8-AAA173923DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r2:*:*:lts:*:*:*",
"matchCriteriaId": "6661AC57-6AF4-4334-A82A-C8F69170CBFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "271ACED8-48D7-44C8-888A-45BE5B2B7239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "B196C227-3F7F-4C8C-AECC-3171E291AB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.0:r3:*:*:-:*:*:*",
"matchCriteriaId": "9B4BB16D-106B-435A-9090-5E14225F7D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "482FD0F0-4C26-4182-A122-150D37FA0FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "B0F010DC-F86C-4B19-BF27-3ACCD5B65EC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "D57CCD9C-0310-4B29-AEB5-B9C3BCF84BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "1C0BC3BC-47DE-4472-B869-A5BB21F1241A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.1:r2:*:*:-:*:*:*",
"matchCriteriaId": "3C836DF9-402D-4492-848C-8CABECCEBF46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "E57BB02E-92A2-4C31-AEBA-220AC2B52139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "B0ED267C-F4F5-4F3D-B9D1-DEFC18E577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "B0B46455-A3B3-46B9-B023-9C40999EC887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.1:r2:*:*:-:*:*:*",
"matchCriteriaId": "BDB7F6E0-D7BB-4239-9BB6-CC538AFCC9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.2:r1:*:*:-:*:*:*",
"matchCriteriaId": "38B60909-E70D-45A1-B95F-0AC902DBF2AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.2:r2:*:*:-:*:*:*",
"matchCriteriaId": "DC13C717-8DF5-47B0-89C3-6E9F4C27865A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.2:r3:*:*:-:*:*:*",
"matchCriteriaId": "90854BD5-8939-4602-A7FF-3F1060B91B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.3:r1:*:*:-:*:*:*",
"matchCriteriaId": "8E1859F6-F032-4BBB-B697-537E1AE08CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.3:r2:*:*:-:*:*:*",
"matchCriteriaId": "D261EABB-12C7-4853-B8D2-1F7A0787934C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.4.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "82B2A6C2-8A96-44B9-AE44-CD03F4F1A348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.4.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "63DEF1FF-1209-4FE8-820A-614BC03A03B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "2396F8A8-9FAF-42B1-9404-9CABC7DAC27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.0:r2:*:*:cd:*:*:*",
"matchCriteriaId": "848DA8F1-EF5E-4DBC-A1BB-1D39A2900726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "CAA1B613-6F57-4300-A531-053B57DFAD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.1:r2:*:*:cd:*:*:*",
"matchCriteriaId": "D79890E9-E12B-42B3-90D3-1E262C9E2C84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and\u00a02.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
},
{
"lang": "es",
"value": "IBM MQ Container 3.0.0, 3.0.1, 3.1.0 a 3.1.3 CD, 2.0.0 LTS a 2.0.22 LTS y 2.4.0 a 2.4.8, 2.3.0 a 2.3.3, 2.2.0 a 2.2.2 utilizan algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial."
}
],
"id": "CVE-2024-27256",
"lastModified": "2025-08-18T18:17:32.523",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-27T17:15:15.443",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7157667"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-40681
Vulnerability from fkie_nvd - Published: 2024-09-07 15:15 - Updated: 2025-08-15 14:21
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7167732 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "214D6B2D-6855-4AD5-9172-2780341DAE35",
"versionEndIncluding": "2.0.25",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*",
"matchCriteriaId": "976E62F2-8B84-48A7-B4EF-0F0E3100BCF1",
"versionEndIncluding": "2.2.2",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A899D4D9-04D0-404E-95BA-BFA1874B1188",
"versionEndIncluding": "2.3.3",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F3142CD8-16DC-4298-A545-4BEDEBB3A20F",
"versionEndIncluding": "2.4.8",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:cd:*:*:*",
"matchCriteriaId": "E76199DF-C063-498D-99B1-61FCAF92BA28",
"versionEndIncluding": "3.1.3",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:sc2:*:*:*",
"matchCriteriaId": "AE859625-E4BA-4027-8FBE-D3CF63E993E9",
"versionEndIncluding": "3.2.3",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:cd:*:*:*",
"matchCriteriaId": "FE86FF96-2C86-47A5-94BE-F17B271CA6BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:cd:*:*:*",
"matchCriteriaId": "5DC6415E-F0D0-4C47-B048-733DA4B18D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.1:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "F281BB9F-7A08-4B7B-8CA6-30050FDA44DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.1:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "B2EDEDC5-307E-42D6-8539-5531BBC1A1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "4BA5C10C-6FCD-4C1A-958C-5B135EEE44F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "48CB9920-0517-4B3F-929D-E3CC5F4B4758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r2-eus:*:*:-:*:*:*",
"matchCriteriaId": "210B462C-AAE4-40B4-B79A-741ED9FF17BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.2:r2-eus:*:*:lts:*:*:*",
"matchCriteriaId": "F149BAF2-76F4-49B2-A5F2-3E95F6A0473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.4:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "B2773684-AD9E-43BF-B98C-263C707632E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.4:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "6367B892-DE7D-4126-B787-CD380F28A35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "D838BD4B-B783-4BA8-841A-C8A3A0B8AC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "4F57BE44-C60D-4993-9F0C-777A66FDC1DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r2-eus:*:*:-:*:*:*",
"matchCriteriaId": "C450E6E2-C798-4E3C-8828-DCF4B9B226D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r2-eus:*:*:lts:*:*:*",
"matchCriteriaId": "1951D2BD-E9B9-481A-BA94-F162C4B1DBE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r3-eus:*:*:-:*:*:*",
"matchCriteriaId": "9835CC02-7B53-45A7-807C-828075C86B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.5:r3-eus:*:*:lts:*:*:*",
"matchCriteriaId": "CCB17E4B-69D5-4CC3-B05B-DE3309878C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r1-eus:*:*:-:*:*:*",
"matchCriteriaId": "E083CF51-92FF-44CE-8D5B-22C1AB182D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r1-eus:*:*:lts:*:*:*",
"matchCriteriaId": "9B9D879B-CDA6-4C97-B883-2208EFADB564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r2-eus:*:*:-:*:*:*",
"matchCriteriaId": "BE934985-CF87-4634-8241-513CA5BFAB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r2-eus:*:*:lts:*:*:*",
"matchCriteriaId": "02A0DBBD-2F23-4774-9036-8BAD2DE73116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r3-eus:*:*:-:*:*:*",
"matchCriteriaId": "A1339C21-9F4C-4B97-9BCF-1340193EE368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.0.6:r3-eus:*:*:lts:*:*:*",
"matchCriteriaId": "2BE156B5-068D-4B25-980B-4DA9C1E224F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.3.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "7C65DE89-E341-4524-8D28-821533422A86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.4.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "77B98598-1AAF-41B7-B6F2-C6FCD04880AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.4.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "D2331F4E-1DD2-423F-A1A3-9BF0FCD1CA47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "586E8711-3259-4435-B1A7-D1DDD04A0723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "D18AE8A2-1041-46E7-AD07-FCBC4A0688B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "11AE07D3-163B-4724-ABE0-6344E118818D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r2:*:*:lts:*:*:*",
"matchCriteriaId": "4F6A7891-8592-4926-AAFE-AADE36BBE3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r3:*:*:-:*:*:*",
"matchCriteriaId": "A11A9BC9-C446-4BB7-82B3-A1201B039EAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.2.5.0:r3:*:*:lts:*:*:*",
"matchCriteriaId": "080D987D-5DBE-4C7E-8164-272D37C0FCCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "F0F8EE01-9E25-4E04-85A3-7029645A329D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r1:*:*:lts:*:*:*",
"matchCriteriaId": "82E0B6C6-762B-4D52-BBA9-006B57772BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "CCD405D8-4163-4B85-8502-A2B80A7CB71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r2:*:*:lts:*:*:*",
"matchCriteriaId": "77C03044-A3C8-4ADC-B61F-CA054E177221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r3:*:*:-:*:*:*",
"matchCriteriaId": "0DBCE2E5-254B-4B41-BCAD-466BB433E8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r3:*:*:lts:*:*:*",
"matchCriteriaId": "DA7FA2E5-2D11-4633-92DE-BA329BE44C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "054ED344-6EB3-4087-99B6-23C9EACD45DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r1:*:*:lts:*:*:*",
"matchCriteriaId": "6C596A8A-41CD-4C6C-84B9-655AB7B41D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r2:*:*:-:*:*:*",
"matchCriteriaId": "B50A95CC-DCD0-434A-AA9B-845ADCB16BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r2:*:*:lts:*:*:*",
"matchCriteriaId": "D5807742-6617-4AE2-8B4D-B3D33C56934A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r3:*:*:-:*:*:*",
"matchCriteriaId": "C58C239B-65AB-4949-ADC4-26F6BCF03493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r3:*:*:lts:*:*:*",
"matchCriteriaId": "5166CBFE-E521-4B45-9C27-323B3688801A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r4:*:*:-:*:*:*",
"matchCriteriaId": "E75C5767-493E-4F8F-AD2A-A59B1894CE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r4:*:*:lts:*:*:*",
"matchCriteriaId": "18E2DDBC-A37B-47E4-84CF-7F043B311928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.3:r1:*:*:-:*:*:*",
"matchCriteriaId": "AFCFBA66-3384-4CF2-A9C3-D68C920F0254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.3:r1:*:*:lts:*:*:*",
"matchCriteriaId": "7A89FD40-EA4A-4BEF-8E68-81985E5472CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r1:*:*:-:*:*:*",
"matchCriteriaId": "1286A3D6-6714-4E07-AFCF-99DE4749E60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r1:*:*:lts:*:*:*",
"matchCriteriaId": "9C56648F-18DA-4BD3-86E7-6EF2AB9978F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r2:*:*:-:*:*:*",
"matchCriteriaId": "E8F12C0D-6044-4E2F-A782-D98D60004358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r2:*:*:lts:*:*:*",
"matchCriteriaId": "FBA1CDBA-76BB-4661-8BF6-B73B8557DD9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r1:*:*:-:*:*:*",
"matchCriteriaId": "4FEC8928-0DB6-4228-92B1-9BC001BF5816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r1:*:*:lts:*:*:*",
"matchCriteriaId": "65CDB64E-B60B-44BB-9C4A-D064E7F892B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r2:*:*:lts:*:*:*",
"matchCriteriaId": "95CE7C9D-839E-47EF-949B-074285DDAD74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r3:*:*:lts:*:*:*",
"matchCriteriaId": "D428D220-0F00-44F3-9243-CD2D597AD0DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.6:r1:*:*:-:*:*:*",
"matchCriteriaId": "1AFE6CD8-1A7D-460E-986E-9F31525CB1B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.6:r1:*:*:lts:*:*:*",
"matchCriteriaId": "0CB302B8-F9DA-41DE-A2AD-C82601677BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.10:r1:*:*:lts:*:*:*",
"matchCriteriaId": "9039EF3F-8AE0-40AC-B1E8-D412E548BB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.10:r2:*:*:lts:*:*:*",
"matchCriteriaId": "B27B123C-603C-47E8-BCAB-CD0C21083639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.10:r3:*:*:lts:*:*:*",
"matchCriteriaId": "D1415F27-AF27-4849-80CB-AE81029BB60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.11:r1:*:*:lts:*:*:*",
"matchCriteriaId": "B4F3B9A6-0A28-457B-A81F-ADBAEC073A85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.11:r2:*:*:lts:*:*:*",
"matchCriteriaId": "49653FF2-5930-419F-A144-2D4844336EB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.15:r1:*:*:lts:*:*:*",
"matchCriteriaId": "B2663B1F-4FC4-4107-9826-99BAA7FB3AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.16:r1:*:*:lts:*:*:*",
"matchCriteriaId": "096CFD86-359A-4B6F-A532-FDFFD31D922C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.16:r2:*:*:lts:*:*:*",
"matchCriteriaId": "2342CC92-8694-4C58-83E5-43809B1D62F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r1:*:*:lts:*:*:*",
"matchCriteriaId": "78B41AA5-63D9-47A8-A7A8-AAA173923DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r2:*:*:lts:*:*:*",
"matchCriteriaId": "6661AC57-6AF4-4334-A82A-C8F69170CBFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r3:*:*:lts:*:*:*",
"matchCriteriaId": "30BF81E9-4538-4018-9506-BB2A406463ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.20:r1:*:*:lts:*:*:*",
"matchCriteriaId": "F48F829C-DE92-4153-BEC1-618F0544B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.20:r2:*:*:lts:*:*:*",
"matchCriteriaId": "556A2A93-8707-4C39-86E7-66392B05B3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "271ACED8-48D7-44C8-888A-45BE5B2B7239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.1.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "482FD0F0-4C26-4182-A122-150D37FA0FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "B0F010DC-F86C-4B19-BF27-3ACCD5B65EC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "D57CCD9C-0310-4B29-AEB5-B9C3BCF84BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "1C0BC3BC-47DE-4472-B869-A5BB21F1241A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.2.1:r2:*:*:-:*:*:*",
"matchCriteriaId": "3C836DF9-402D-4492-848C-8CABECCEBF46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.0:r1:*:*:-:*:*:*",
"matchCriteriaId": "E57BB02E-92A2-4C31-AEBA-220AC2B52139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.0:r2:*:*:-:*:*:*",
"matchCriteriaId": "B0ED267C-F4F5-4F3D-B9D1-DEFC18E577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.1:r1:*:*:-:*:*:*",
"matchCriteriaId": "B0B46455-A3B3-46B9-B023-9C40999EC887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.1:r2:*:*:-:*:*:*",
"matchCriteriaId": "BDB7F6E0-D7BB-4239-9BB6-CC538AFCC9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.2:r1:*:*:-:*:*:*",
"matchCriteriaId": "38B60909-E70D-45A1-B95F-0AC902DBF2AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.2:r2:*:*:-:*:*:*",
"matchCriteriaId": "DC13C717-8DF5-47B0-89C3-6E9F4C27865A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.2:r3:*:*:-:*:*:*",
"matchCriteriaId": "90854BD5-8939-4602-A7FF-3F1060B91B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.3:r1:*:*:-:*:*:*",
"matchCriteriaId": "8E1859F6-F032-4BBB-B697-537E1AE08CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.3.3:r2:*:*:-:*:*:*",
"matchCriteriaId": "D261EABB-12C7-4853-B8D2-1F7A0787934C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.4.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "82B2A6C2-8A96-44B9-AE44-CD03F4F1A348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.4.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "63DEF1FF-1209-4FE8-820A-614BC03A03B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "2396F8A8-9FAF-42B1-9404-9CABC7DAC27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.0:r2:*:*:cd:*:*:*",
"matchCriteriaId": "848DA8F1-EF5E-4DBC-A1BB-1D39A2900726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.1:r1:*:*:cd:*:*:*",
"matchCriteriaId": "CAA1B613-6F57-4300-A531-053B57DFAD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.5.1:r2:*:*:cd:*:*:*",
"matchCriteriaId": "D79890E9-E12B-42B3-90D3-1E262C9E2C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r1:*:*:cd:*:*:*",
"matchCriteriaId": "883A365A-B3E6-43CD-B422-1A4236BCF4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r2:*:*:cd:*:*:*",
"matchCriteriaId": "DF280B49-9101-4082-A5E1-6DB1A36C9A3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r3:*:*:cd:*:*:*",
"matchCriteriaId": "BC7949E8-0564-4867-B17B-6145883CA0CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager."
},
{
"lang": "es",
"value": "IBM MQ Operator 2.0.26 y 3.2.4 podr\u00edan permitir que un usuario autenticado con un rol espec\u00edficamente definido evite restricciones de seguridad y ejecute acciones contra el gestor de colas."
}
],
"id": "CVE-2024-40681",
"lastModified": "2025-08-15T14:21:47.027",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-07T15:15:10.167",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7167732"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-266"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-40680
Vulnerability from fkie_nvd - Published: 2024-09-07 14:15 - Updated: 2024-10-31 17:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7167732 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | mq_operator | 2.0.26 | |
| ibm | mq_operator | 3.2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:mq_operator:2.0.26:*:*:*:-:*:*:*",
"matchCriteriaId": "4B3337CC-AA0A-4A5B-AAC9-ACC28E60E001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.2.4:*:*:*:-:*:*:*",
"matchCriteriaId": "A2D00BF5-4EA7-4394-A61B-E331316F5EDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault."
},
{
"lang": "es",
"value": "IBM MQ Operator 2.0.26 y 3.2.4 podr\u00eda permitir que un usuario local provoque una denegaci\u00f3n de servicio debido a una asignaci\u00f3n de memoria incorrecta que provoque un error de segmentaci\u00f3n."
}
],
"id": "CVE-2024-40680",
"lastModified": "2024-10-31T17:15:12.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-07T14:15:02.350",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7167732"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-789"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-39742
Vulnerability from fkie_nvd - Published: 2024-07-08 14:15 - Updated: 2024-11-21 09:28
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | mq_operator | * | |
| ibm | mq_operator | * | |
| ibm | mq_operator | * | |
| ibm | mq_operator | * | |
| ibm | mq_operator | * | |
| ibm | mq_operator | * | |
| ibm | mq_operator | 3.0.0 | |
| ibm | mq_operator | 3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99553BC0-D49F-46BA-B833-8A6C9A8BBDF8",
"versionEndExcluding": "2.0.24",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE923D7C-C0E9-4CE1-B7B9-7694F1006550",
"versionEndIncluding": "2.2.2",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F006FBC3-0F42-41B7-B4E4-ABD22F80E5FE",
"versionEndIncluding": "2.3.3",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "266BF570-D143-4E99-A596-B2485C2E1DB7",
"versionEndIncluding": "2.4.8",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82E5BBE5-8A1C-44A1-BDDA-5B504F9D14E6",
"versionEndIncluding": "3.1.3",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64E7B54E-E5D2-4FD1-81FE-6DDC77C67684",
"versionEndExcluding": "3.2.2",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF662FFB-4349-4DEF-B1AA-BFBAEE20780F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C238288E-9E3C-4FD8-88E7-E850DCE5B36F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169."
},
{
"lang": "es",
"value": "IBM MQ Operador 3.2.2 e IBM MQ Operador 2.0.24 podr\u00edan permitir a un usuario omitir la autenticaci\u00f3n en determinadas configuraciones debido a una vulnerabilidad de comparaci\u00f3n de cadenas parciales. ID de IBM X-Force: 297169."
}
],
"id": "CVE-2024-39742",
"lastModified": "2024-11-21T09:28:19.910",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-08T14:15:02.550",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297169"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-187"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-39743
Vulnerability from fkie_nvd - Published: 2024-07-08 14:15 - Updated: 2024-11-21 09:28
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | mq_operator | * | |
| ibm | mq_operator | * | |
| ibm | mq_operator | * | |
| ibm | mq_operator | * | |
| ibm | mq_operator | * | |
| ibm | mq_operator | * | |
| ibm | mq_operator | 3.0.0 | |
| ibm | mq_operator | 3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99553BC0-D49F-46BA-B833-8A6C9A8BBDF8",
"versionEndExcluding": "2.0.24",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE923D7C-C0E9-4CE1-B7B9-7694F1006550",
"versionEndIncluding": "2.2.2",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F006FBC3-0F42-41B7-B4E4-ABD22F80E5FE",
"versionEndIncluding": "2.3.3",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "266BF570-D143-4E99-A596-B2485C2E1DB7",
"versionEndIncluding": "2.4.8",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82E5BBE5-8A1C-44A1-BDDA-5B504F9D14E6",
"versionEndIncluding": "3.1.3",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64E7B54E-E5D2-4FD1-81FE-6DDC77C67684",
"versionEndExcluding": "3.2.2",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF662FFB-4349-4DEF-B1AA-BFBAEE20780F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C238288E-9E3C-4FD8-88E7-E850DCE5B36F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172."
},
{
"lang": "es",
"value": "IBM MQ Operador 3.2.2 e IBM MQ Operador 2.0.24 podr\u00edan permitir a un usuario provocar una denegaci\u00f3n de servicio en determinadas configuraciones debido a una vulnerabilidad de comparaci\u00f3n de cadenas parciales. ID de IBM X-Force: 297172."
}
],
"id": "CVE-2024-39743",
"lastModified": "2024-11-21T09:28:20.053",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-08T14:15:02.823",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-405"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-33013 (GCVE-0-2025-33013)
Vulnerability from cvelistv5 – Published: 2025-07-24 14:55 – Updated: 2025-08-18 01:27
VLAI?
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release.
Severity ?
6.2 (Medium)
CWE
- CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T15:03:40.272604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T15:03:48.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "3.2.13 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release."
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-244",
"description": "CWE-244 Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T01:27:18.300Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240431"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release.\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.6.1 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2\u0026nbsp;icr.io\u0026nbsp;icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.2.14 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\u003cbr\u003eibm-mqadvanced-server\u0026nbsp;9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\u003cbr\u003e\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release details:\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e"
}
],
"value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \nIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\nIBM MQ Container 9.4.3.0-r2 release.\nIBM strongly recommends applying the latest container images. \n\nIBM MQ Operator v3.6.1 CD release details:\nibm-mq-operator\u00a0v3.6.1 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2\u00a0icr.io\u00a0icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\n\nIBM MQ Operator v3.2.14 SC2 release details:\nibm-mq-operator\u00a0v3.2.14 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\nibm-mqadvanced-server\u00a09.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\nibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\nibm-mqadvanced-server-dev\u00a09.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\n\nIBM MQ Container 9.4.3.0-r2 release details:\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33013",
"datePublished": "2025-07-24T14:55:04.945Z",
"dateReserved": "2025-04-15T09:48:51.519Z",
"dateUpdated": "2025-08-18T01:27:18.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36005 (GCVE-0-2025-36005)
Vulnerability from cvelistv5 – Published: 2025-07-24 14:52 – Updated: 2025-08-17 01:24
VLAI?
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation.
Severity ?
5.9 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T15:03:30.894944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T15:04:05.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "3.2.13 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation."
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-17T01:24:38.369Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240431"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release.\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.6.1 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2\u0026nbsp;icr.io\u0026nbsp;icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.2.14 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\u003cbr\u003eibm-mqadvanced-server\u0026nbsp;9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\u003cbr\u003e\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release details:\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e"
}
],
"value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \nIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\nIBM MQ Container 9.4.3.0-r2 release.\nIBM strongly recommends applying the latest container images. \n\nIBM MQ Operator v3.6.1 CD release details:\nibm-mq-operator\u00a0v3.6.1 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2\u00a0icr.io\u00a0icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\n\nIBM MQ Operator v3.2.14 SC2 release details:\nibm-mq-operator\u00a0v3.2.14 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\nibm-mqadvanced-server\u00a09.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\nibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\nibm-mqadvanced-server-dev\u00a09.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\n\nIBM MQ Container 9.4.3.0-r2 release details:\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36005",
"datePublished": "2025-07-24T14:52:53.238Z",
"dateReserved": "2025-04-15T21:16:05.532Z",
"dateUpdated": "2025-08-17T01:24:38.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36041 (GCVE-0-2025-36041)
Vulnerability from cvelistv5 – Published: 2025-06-15 12:51 – Updated: 2025-08-24 11:52
VLAI?
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.
Severity ?
4.7 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.5.3 CD Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver) cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.12:*:*:*:support_cycle_2:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T13:38:47.283894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T13:39:03.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.12:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.5.3 CD"
},
{
"lessThanOrEqual": "3.2.10 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions."
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:52:26.288Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7236608"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.0 CD release that included IBM supplied MQ Advanced 9.4.3.0-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.13 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r3 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r1 release.\u003cbr\u003eNote: \n\nCVE-2025-36041\n\n is applicable only for IBM MQ Operator v3.6.0 CD and IBM supplied MQ Advanced 9.4.3.0-r1 container image.\u003cbr\u003e\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e"
}
],
"value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.0 CD release that included IBM supplied MQ Advanced 9.4.3.0-r1 container image. \nIBM MQ Operator v3.2.13 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r3 container image.\nIBM MQ Container 9.4.3.0-r1 release.\nNote: \n\nCVE-2025-36041\n\n is applicable only for IBM MQ Operator v3.6.0 CD and IBM supplied MQ Advanced 9.4.3.0-r1 container image.\n\nIBM strongly recommends applying the latest container images."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ improper certificate validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36041",
"datePublished": "2025-06-15T12:51:06.394Z",
"dateReserved": "2025-04-15T21:16:10.568Z",
"dateUpdated": "2025-08-24T11:52:26.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1333 (GCVE-0-2025-1333)
Vulnerability from cvelistv5 – Published: 2025-05-01 22:07 – Updated: 2025-08-28 15:00
VLAI?
Summary
IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.
Severity ?
6 (Medium)
CWE
- CWE-214 - Invocation of Process Using Visible Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver) cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T14:36:23.026891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T14:36:30.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD"
},
{
"lessThanOrEqual": "3.2.10 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.\u003cbr\u003e"
}
],
"value": "IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-214",
"description": "CWE-214 Invocation of Process Using Visible Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T15:00:22.174Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232272"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in\u0026nbsp;\u003cbr\u003eIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.2.1-r1 release.\u003cbr\u003eIBM strongly recommends applying the latest container images."
}
],
"value": "Issues mentioned by this security bulletin are addressed in\u00a0\nIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \nIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\nIBM MQ Container 9.4.2.1-r1 release.\nIBM strongly recommends applying the latest container images."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1333",
"datePublished": "2025-05-01T22:07:08.697Z",
"dateReserved": "2025-02-15T13:46:56.478Z",
"dateUpdated": "2025-08-28T15:00:22.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27365 (GCVE-0-2025-27365)
Vulnerability from cvelistv5 – Published: 2025-05-01 21:24 – Updated: 2025-08-28 14:59
VLAI?
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10
Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.
Severity ?
6.5 (Medium)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver) cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T12:44:58.452230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T12:45:05.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD"
},
{
"lessThanOrEqual": "3.2.10 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eClient connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.\u003c/span\u003e"
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10\u00a0\n\nClient connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:59:58.108Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232272"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in\u0026nbsp;\u003cbr\u003eIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.2.1-r1 release.\u003cbr\u003eIBM strongly recommends applying the latest container images."
}
],
"value": "Issues mentioned by this security bulletin are addressed in\u00a0\nIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \nIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\nIBM MQ Container 9.4.2.1-r1 release.\nIBM strongly recommends applying the latest container images."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-27365",
"datePublished": "2025-05-01T21:24:24.884Z",
"dateReserved": "2025-02-22T15:25:27.068Z",
"dateUpdated": "2025-08-28T14:59:58.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27256 (GCVE-0-2024-27256)
Vulnerability from cvelistv5 – Published: 2025-01-27 16:27 – Updated: 2025-02-18 19:29
VLAI?
Summary
IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Severity ?
5.9 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.4.0 , ≤ 2.4.8
(semver)
Affected: 2.3.0 , ≤ 2.3.3 (semver) Affected: 2.2.0 , ≤ 2.2.2 (semver) Affected: 2.0.0 LTS , ≤ 2.0.22 LTS (semver) Affected: 3.0.0 CD, 3.0.1 CD Affected: 3.1.0 CD , ≤ 3.1.3 CD (semver) cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.22:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.2.0:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.2.2:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.3.0:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.3.3:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.4.0:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.4.8:*:*:*:-:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T16:38:52.951975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:29:12.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.22:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.2.0:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.2.2:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.3.0:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.3.3:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.4.0:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.4.8:*:*:*:-:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.4.8",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.2.2",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.22 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0 CD, 3.0.1 CD"
},
{
"lessThanOrEqual": "3.1.3 CD",
"status": "affected",
"version": "3.1.0 CD",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and\u0026nbsp;2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
}
],
"value": "IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and\u00a02.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T16:27:53.275Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7157667"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-27256",
"datePublished": "2025-01-27T16:27:53.275Z",
"dateReserved": "2024-02-22T01:26:15.968Z",
"dateUpdated": "2025-02-18T19:29:12.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40681 (GCVE-0-2024-40681)
Vulnerability from cvelistv5 – Published: 2024-09-07 14:09 – Updated: 2024-10-31 16:31
VLAI?
Summary
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.
Severity ?
7.5 (High)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Affected:
9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40681",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T14:10:20.594086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T14:10:29.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager."
}
],
"value": "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T16:31:36.738Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7167732"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ security bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-40681",
"datePublished": "2024-09-07T14:09:19.767Z",
"dateReserved": "2024-07-08T19:30:52.529Z",
"dateUpdated": "2024-10-31T16:31:36.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40680 (GCVE-0-2024-40680)
Vulnerability from cvelistv5 – Published: 2024-09-07 14:02 – Updated: 2024-10-31 16:26
VLAI?
Summary
IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.
Severity ?
5.5 (Medium)
CWE
- CWE-789 - Uncontrolled Memory Allocation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T14:09:47.896534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T14:10:08.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.3 CD, 9.4 LTS, 9.4 CD"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault."
}
],
"value": "IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Uncontrolled Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T16:26:59.453Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7167732"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-40680",
"datePublished": "2024-09-07T14:02:30.422Z",
"dateReserved": "2024-07-08T19:30:52.529Z",
"dateUpdated": "2024-10-31T16:26:59.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39742 (GCVE-0-2024-39742)
Vulnerability from cvelistv5 – Published: 2024-07-08 13:16 – Updated: 2024-08-02 04:26
VLAI?
Summary
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169.
Severity ?
8.1 (High)
CWE
- CWE-187 - Partial Comparison
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.24, 3.2.2
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mq_operator",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "2.0.24"
},
{
"status": "affected",
"version": "3.2.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T20:36:49.944598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T20:40:48.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.0.24, 3.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169."
}
],
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-187",
"description": "CWE-187 Partial Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T13:16:10.090Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297169"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Container authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39742",
"datePublished": "2024-07-08T13:16:10.090Z",
"dateReserved": "2024-06-28T09:34:35.183Z",
"dateUpdated": "2024-08-02T04:26:15.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39743 (GCVE-0-2024-39743)
Vulnerability from cvelistv5 – Published: 2024-07-08 13:14 – Updated: 2024-08-02 04:26
VLAI?
Summary
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172.
Severity ?
5.9 (Medium)
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.24, 3.2.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T17:41:53.322390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T19:58:56.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.0.24, 3.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172."
}
],
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405 Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T13:48:40.013Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Container denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39743",
"datePublished": "2024-07-08T13:14:43.915Z",
"dateReserved": "2024-06-28T09:34:46.056Z",
"dateUpdated": "2024-08-02T04:26:16.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33013 (GCVE-0-2025-33013)
Vulnerability from nvd – Published: 2025-07-24 14:55 – Updated: 2025-08-18 01:27
VLAI?
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release.
Severity ?
6.2 (Medium)
CWE
- CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T15:03:40.272604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T15:03:48.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "3.2.13 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release."
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-244",
"description": "CWE-244 Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T01:27:18.300Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240431"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release.\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.6.1 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2\u0026nbsp;icr.io\u0026nbsp;icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.2.14 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\u003cbr\u003eibm-mqadvanced-server\u0026nbsp;9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\u003cbr\u003e\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release details:\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e"
}
],
"value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \nIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\nIBM MQ Container 9.4.3.0-r2 release.\nIBM strongly recommends applying the latest container images. \n\nIBM MQ Operator v3.6.1 CD release details:\nibm-mq-operator\u00a0v3.6.1 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2\u00a0icr.io\u00a0icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\n\nIBM MQ Operator v3.2.14 SC2 release details:\nibm-mq-operator\u00a0v3.2.14 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\nibm-mqadvanced-server\u00a09.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\nibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\nibm-mqadvanced-server-dev\u00a09.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\n\nIBM MQ Container 9.4.3.0-r2 release details:\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33013",
"datePublished": "2025-07-24T14:55:04.945Z",
"dateReserved": "2025-04-15T09:48:51.519Z",
"dateUpdated": "2025-08-18T01:27:18.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36005 (GCVE-0-2025-36005)
Vulnerability from nvd – Published: 2025-07-24 14:52 – Updated: 2025-08-17 01:24
VLAI?
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation.
Severity ?
5.9 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T15:03:30.894944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T15:04:05.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "3.2.13 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation."
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-17T01:24:38.369Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240431"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release.\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.6.1 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2\u0026nbsp;icr.io\u0026nbsp;icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.2.14 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\u003cbr\u003eibm-mqadvanced-server\u0026nbsp;9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\u003cbr\u003e\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release details:\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e"
}
],
"value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \nIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\nIBM MQ Container 9.4.3.0-r2 release.\nIBM strongly recommends applying the latest container images. \n\nIBM MQ Operator v3.6.1 CD release details:\nibm-mq-operator\u00a0v3.6.1 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2\u00a0icr.io\u00a0icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\n\nIBM MQ Operator v3.2.14 SC2 release details:\nibm-mq-operator\u00a0v3.2.14 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\nibm-mqadvanced-server\u00a09.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\nibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\nibm-mqadvanced-server-dev\u00a09.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\n\nIBM MQ Container 9.4.3.0-r2 release details:\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36005",
"datePublished": "2025-07-24T14:52:53.238Z",
"dateReserved": "2025-04-15T21:16:05.532Z",
"dateUpdated": "2025-08-17T01:24:38.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36041 (GCVE-0-2025-36041)
Vulnerability from nvd – Published: 2025-06-15 12:51 – Updated: 2025-08-24 11:52
VLAI?
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.
Severity ?
4.7 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.5.3 CD Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver) cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.12:*:*:*:support_cycle_2:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T13:38:47.283894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T13:39:03.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.12:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.5.3 CD"
},
{
"lessThanOrEqual": "3.2.10 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions."
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:52:26.288Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7236608"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.0 CD release that included IBM supplied MQ Advanced 9.4.3.0-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.13 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r3 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r1 release.\u003cbr\u003eNote: \n\nCVE-2025-36041\n\n is applicable only for IBM MQ Operator v3.6.0 CD and IBM supplied MQ Advanced 9.4.3.0-r1 container image.\u003cbr\u003e\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e"
}
],
"value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.0 CD release that included IBM supplied MQ Advanced 9.4.3.0-r1 container image. \nIBM MQ Operator v3.2.13 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r3 container image.\nIBM MQ Container 9.4.3.0-r1 release.\nNote: \n\nCVE-2025-36041\n\n is applicable only for IBM MQ Operator v3.6.0 CD and IBM supplied MQ Advanced 9.4.3.0-r1 container image.\n\nIBM strongly recommends applying the latest container images."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ improper certificate validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36041",
"datePublished": "2025-06-15T12:51:06.394Z",
"dateReserved": "2025-04-15T21:16:10.568Z",
"dateUpdated": "2025-08-24T11:52:26.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1333 (GCVE-0-2025-1333)
Vulnerability from nvd – Published: 2025-05-01 22:07 – Updated: 2025-08-28 15:00
VLAI?
Summary
IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.
Severity ?
6 (Medium)
CWE
- CWE-214 - Invocation of Process Using Visible Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver) cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T14:36:23.026891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T14:36:30.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD"
},
{
"lessThanOrEqual": "3.2.10 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.\u003cbr\u003e"
}
],
"value": "IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-214",
"description": "CWE-214 Invocation of Process Using Visible Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T15:00:22.174Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232272"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in\u0026nbsp;\u003cbr\u003eIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.2.1-r1 release.\u003cbr\u003eIBM strongly recommends applying the latest container images."
}
],
"value": "Issues mentioned by this security bulletin are addressed in\u00a0\nIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \nIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\nIBM MQ Container 9.4.2.1-r1 release.\nIBM strongly recommends applying the latest container images."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1333",
"datePublished": "2025-05-01T22:07:08.697Z",
"dateReserved": "2025-02-15T13:46:56.478Z",
"dateUpdated": "2025-08-28T15:00:22.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27365 (GCVE-0-2025-27365)
Vulnerability from nvd – Published: 2025-05-01 21:24 – Updated: 2025-08-28 14:59
VLAI?
Summary
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10
Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.
Severity ?
6.5 (Medium)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.0 LTS , ≤ 2.0.29 LTS
(semver)
Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver) cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T12:44:58.452230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T12:45:05.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD"
},
{
"lessThanOrEqual": "3.2.10 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eClient connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.\u003c/span\u003e"
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10\u00a0\n\nClient connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:59:58.108Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232272"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in\u0026nbsp;\u003cbr\u003eIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.2.1-r1 release.\u003cbr\u003eIBM strongly recommends applying the latest container images."
}
],
"value": "Issues mentioned by this security bulletin are addressed in\u00a0\nIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \nIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\nIBM MQ Container 9.4.2.1-r1 release.\nIBM strongly recommends applying the latest container images."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-27365",
"datePublished": "2025-05-01T21:24:24.884Z",
"dateReserved": "2025-02-22T15:25:27.068Z",
"dateUpdated": "2025-08-28T14:59:58.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27256 (GCVE-0-2024-27256)
Vulnerability from nvd – Published: 2025-01-27 16:27 – Updated: 2025-02-18 19:29
VLAI?
Summary
IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Severity ?
5.9 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.4.0 , ≤ 2.4.8
(semver)
Affected: 2.3.0 , ≤ 2.3.3 (semver) Affected: 2.2.0 , ≤ 2.2.2 (semver) Affected: 2.0.0 LTS , ≤ 2.0.22 LTS (semver) Affected: 3.0.0 CD, 3.0.1 CD Affected: 3.1.0 CD , ≤ 3.1.3 CD (semver) cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.22:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.2.0:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.2.2:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.3.0:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.3.3:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.4.0:*:*:*:-:*:*:* cpe:2.3:a:ibm:mq_operator:2.4.8:*:*:*:-:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T16:38:52.951975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:29:12.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.22:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.2.0:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.2.2:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.3.0:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.3.3:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.4.0:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.4.8:*:*:*:-:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.4.8",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.2.2",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.22 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0 CD, 3.0.1 CD"
},
{
"lessThanOrEqual": "3.1.3 CD",
"status": "affected",
"version": "3.1.0 CD",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and\u0026nbsp;2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
}
],
"value": "IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and\u00a02.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T16:27:53.275Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7157667"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-27256",
"datePublished": "2025-01-27T16:27:53.275Z",
"dateReserved": "2024-02-22T01:26:15.968Z",
"dateUpdated": "2025-02-18T19:29:12.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40681 (GCVE-0-2024-40681)
Vulnerability from nvd – Published: 2024-09-07 14:09 – Updated: 2024-10-31 16:31
VLAI?
Summary
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.
Severity ?
7.5 (High)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ |
Affected:
9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40681",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T14:10:20.594086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T14:10:29.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager."
}
],
"value": "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T16:31:36.738Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7167732"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ security bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-40681",
"datePublished": "2024-09-07T14:09:19.767Z",
"dateReserved": "2024-07-08T19:30:52.529Z",
"dateUpdated": "2024-10-31T16:31:36.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40680 (GCVE-0-2024-40680)
Vulnerability from nvd – Published: 2024-09-07 14:02 – Updated: 2024-10-31 16:26
VLAI?
Summary
IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.
Severity ?
5.5 (Medium)
CWE
- CWE-789 - Uncontrolled Memory Allocation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T14:09:47.896534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T14:10:08.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.3 CD, 9.4 LTS, 9.4 CD"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault."
}
],
"value": "IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Uncontrolled Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T16:26:59.453Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7167732"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-40680",
"datePublished": "2024-09-07T14:02:30.422Z",
"dateReserved": "2024-07-08T19:30:52.529Z",
"dateUpdated": "2024-10-31T16:26:59.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39742 (GCVE-0-2024-39742)
Vulnerability from nvd – Published: 2024-07-08 13:16 – Updated: 2024-08-02 04:26
VLAI?
Summary
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169.
Severity ?
8.1 (High)
CWE
- CWE-187 - Partial Comparison
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.24, 3.2.2
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mq_operator",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "2.0.24"
},
{
"status": "affected",
"version": "3.2.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T20:36:49.944598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T20:40:48.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.0.24, 3.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169."
}
],
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-187",
"description": "CWE-187 Partial Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T13:16:10.090Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297169"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Container authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39742",
"datePublished": "2024-07-08T13:16:10.090Z",
"dateReserved": "2024-06-28T09:34:35.183Z",
"dateUpdated": "2024-08-02T04:26:15.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39743 (GCVE-0-2024-39743)
Vulnerability from nvd – Published: 2024-07-08 13:14 – Updated: 2024-08-02 04:26
VLAI?
Summary
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172.
Severity ?
5.9 (Medium)
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | MQ Operator |
Affected:
2.0.24, 3.2.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T17:41:53.322390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T19:58:56.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.0.24, 3.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172."
}
],
"value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405 Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T13:48:40.013Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Container denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39743",
"datePublished": "2024-07-08T13:14:43.915Z",
"dateReserved": "2024-06-28T09:34:46.056Z",
"dateUpdated": "2024-08-02T04:26:16.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}