HIGH🇵🇱 Wersja polska

CVE-2024-40681

CVSS 7.5v3.1pub. 2024-09-07upd. 2025-08-15

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • IBM Mq Operator

    APP
    Ibm
    3.0.03.0.12.3.0 – 2.3.32.4.0 – 2.4.83.1.0 – 3.1.33.2.0 – 3.2.32.0.0 – 2.0.252.2.0 – 2.2.2
  • IBM Supplied Mq Advanced Container Images

    APP
    Ibm
    9.2.0.19.2.0.29.2.0.49.2.0.59.2.0.69.2.3.09.2.4.09.2.5.09.3.0.09.3.0.19.3.0.109.3.0.119.3.0.159.3.0.169.3.0.17+ 18 więcej
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-39742HIGH8.1ten sam produkt

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain con...

CVE-2025-33013MEDIUM6.2ten sam produkt

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4....

CVE-2025-36005MEDIUM5.9ten sam produkt

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4....

CVE-2025-36041MEDIUM4.7ten sam produkt

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4....

CVE-2025-1333MEDIUM6.0ten sam produkt

IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1...