IBM MQ Operator Denial of Service Vulnerability
CVE-2024-39743

7.5HIGH

Key Information:

Vendor: IBM
Status: MQ Operator
Vendor: CVE Published:; 8 July 2024

Summary

IBM MQ Operator versions 3.2.2 and 2.0.24, as well as IBM MQ Container Developer Edition, exhibit a vulnerability that can be exploited by a remote attacker to initiate a denial of service attack. This flaw is due to improper memory de-allocation, which allows an attacker to induce excessive memory consumption on affected servers. Organizations utilizing these versions should review the advisory for mitigation strategies to protect their systems against potential exploitation.

Affected Version(s)

MQ Operator 2.0.24, 3.2.2

References

https://www.ibm.com/support/pages/node/7159714

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/297172

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 8, 2024
Vulnerability Reserved
Jun 28, 2024