Bypass Security Restrictions with IBM MQ Operator

CVE-2024-40681

7.5HIGH

Key Information

Vendor: IBM
Status: MQ Operator
Vendor: CVE Published:; 7 September 2024

Summary

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.

Affected Version(s)

MQ Operator = 2.0.26, 3.2.4

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 7, 2024
Vulnerability Reserved.
Jul 8, 2024

Collectors

NVD DatabaseMitre Database