HIGH🇵🇱 Wersja polska

CVE-2024-39742

CVSS 8.1v3.1pub. 2024-07-08upd. 2024-11-21

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Mq Operator

    APP
    Ibm
    3.0.03.0.12.3.0 – 2.3.32.4.0 – 2.4.82.0.0 – 2.0.24 (bez)3.2.0 – 3.2.2 (bez)3.1.0 – 3.1.32.2.0 – 2.2.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-40681HIGH7.5ten sam produkt

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifica...

CVE-2025-33013MEDIUM6.2ten sam produkt

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4....

CVE-2025-36005MEDIUM5.9ten sam produkt

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4....

CVE-2025-36041MEDIUM4.7ten sam produkt

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4....

CVE-2025-1333MEDIUM6.0ten sam produkt

IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1...