IBM MQ Operator Vulnerabilities: Weak Cryptographic Algorithms Expose Sensitive Information
CVE-2024-27255

7.5HIGH

Key Information:

Vendor
IBM
Status
MQ Operator
Vendor
CVE Published:
3 March 2024

Summary

IBM MQ Operator versions 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, along with several earlier versions (2.4.0 to 2.4.7, 2.3.0 to 2.3.3, and 2.2.0 to 2.2.2) utilize cryptographic algorithms that do not meet security standards. This vulnerability may enable unauthorized parties to decrypt sensitive information guarded by weak encryption, thus compromising data integrity and confidentiality. Organizations utilizing these affected versions should prioritize an urgent review of their security protocols and consider upgrading to robust encryption frameworks.

Affected Version(s)

MQ Operator 2.0.0 LTS <= 2.0.18 LTS

MQ Operator 2.4.0 <= 2.4.7

MQ Operator 2.3.0 <= 2.3.3

References

https://www.ibm.com/support/pages/node/7126571
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/283905
vdb-entry

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.