Weak Cryptographic Algorithms Affect IBM MQ Container Products
CVE-2024-27256

5.9MEDIUM

Key Information:

Vendor: IBM
Status: MQ Operator
Vendor: CVE Published:; 27 January 2025

Summary

IBM MQ Container versions 3.0.0 to 3.1.3 and 2.0.0 LTS to 2.4.8 exhibit weaknesses in cryptographic algorithms. These algorithms could potentially allow an attacker to decrypt sensitive information, posing a significant risk to data confidentiality. Users of affected versions should review their deployment and consider applying recommended patches or workarounds from IBM to mitigate this security issue.

Affected Version(s)

MQ Operator 2.4.0 <= 2.4.8

MQ Operator 2.3.0 <= 2.3.3

MQ Operator 2.2.0 <= 2.2.2

References

https://www.ibm.com/support/pages/node/7157667

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Feb 22, 2024