Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-39742

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169.

Published

2024-07-08T14:15:02.550

Last Modified

2024-11-21T09:28:19.910

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Secondary
CWE-187
Type: Primary
CWE-697

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	mq_operator	< 2.0.24	Yes
Application	ibm	mq_operator	≤ 2.2.2	Yes
Application	ibm	mq_operator	≤ 2.3.3	Yes
Application	ibm	mq_operator	≤ 2.4.8	Yes
Application	ibm	mq_operator	≤ 3.1.3	Yes
Application	ibm	mq_operator	< 3.2.2	Yes
Application	ibm	mq_operator	3.0.0	Yes
Application	ibm	mq_operator	3.0.1	Yes

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/297169 VDB Entry ([email protected])
https://www.ibm.com/support/pages/node/7159714 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/297169 VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/pages/node/7159714 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)