Bypass Authentication Vulnerability in IBM MQ Operator
CVE-2024-39742

9.8CRITICAL

Key Information:

Vendor: IBM
Status: MQ Operator
Vendor: CVE Published:; 8 July 2024

Summary

The vulnerability in IBM MQ Operator versions 3.2.2 and 2.0.24 exposes users to potential authentication bypass attacks due to a flaw in how the system performs partial string comparisons. This can allow unauthorized access to certain functionalities under specific configurations, which can compromise the security of the application. The issue has been documented under IBM X-Force ID: 297169 and requires urgent attention from users to ensure their systems are not susceptible to exploitation.

Affected Version(s)

MQ Operator 2.0.24, 3.2.2

References

https://www.ibm.com/support/pages/node/7159714

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/297169

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 8, 2024
Vulnerability Reserved
Jun 28, 2024