Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for supplied_mq_advanced_container_images by ibm

    CVE-2025-36005 (GCVE-0-2025-36005)

    Vulnerability from nvd – Published: 2025-07-24 14:52 – Updated: 2025-08-17 01:24
    VLAI
    Title
    IBM MQ Operator information disclosure
    Summary
    IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7240431 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM MQ Operator Affected: 2.0.0 LTS , ≤ 2.0.29 LTS (semver)
        cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*
    Create a notification for this product.
    IBM MQ Operator Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD
        cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*
    Create a notification for this product.
    IBM MQ Operator Affected: 3.2.0 SC2 , ≤ 3.2.13 SC2 (semver)
        cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-24T15:03:30.894944Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-24T15:04:05.741Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.29 LTS",
                  "status": "affected",
                  "version": "2.0.0 LTS",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.13 SC2",
                  "status": "affected",
                  "version": "3.2.0 SC2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation."
                }
              ],
              "value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-17T01:24:38.369Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7240431"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release.\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.6.1 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2\u0026nbsp;icr.io\u0026nbsp;icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.2.14 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\u003cbr\u003eibm-mqadvanced-server\u0026nbsp;9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\u003cbr\u003e\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release details:\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e"
                }
              ],
              "value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \nIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\nIBM MQ Container 9.4.3.0-r2 release.\nIBM strongly recommends applying the latest container images. \n\nIBM MQ Operator v3.6.1 CD release details:\nibm-mq-operator\u00a0v3.6.1 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2\u00a0icr.io\u00a0icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\n\nIBM MQ Operator v3.2.14 SC2 release details:\nibm-mq-operator\u00a0v3.2.14 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\nibm-mqadvanced-server\u00a09.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\nibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\nibm-mqadvanced-server-dev\u00a09.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\n\nIBM MQ Container 9.4.3.0-r2 release details:\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ Operator information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36005",
        "datePublished": "2025-07-24T14:52:53.238Z",
        "dateReserved": "2025-04-15T21:16:05.532Z",
        "dateUpdated": "2025-08-17T01:24:38.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-33013 (GCVE-0-2025-33013)

    Vulnerability from nvd – Published: 2025-07-24 14:55 – Updated: 2025-08-18 01:27
    VLAI
    Title
    IBM MQ Operator information disclosure
    Summary
    IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7240431 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM MQ Operator Affected: 2.0.0 LTS , ≤ 2.0.29 LTS (semver)
        cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*
    Create a notification for this product.
    IBM MQ Operator Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD
        cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*
    Create a notification for this product.
    IBM MQ Operator Affected: 3.2.0 SC2 , ≤ 3.2.13 SC2 (semver)
        cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33013",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-24T15:03:40.272604Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-24T15:03:48.993Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.29 LTS",
                  "status": "affected",
                  "version": "2.0.0 LTS",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.13 SC2",
                  "status": "affected",
                  "version": "3.2.0 SC2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release."
                }
              ],
              "value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-244",
                  "description": "CWE-244 Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T01:27:18.300Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7240431"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release.\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.6.1 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2\u0026nbsp;icr.io\u0026nbsp;icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.2.14 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\u003cbr\u003eibm-mqadvanced-server\u0026nbsp;9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\u003cbr\u003e\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release details:\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e"
                }
              ],
              "value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \nIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\nIBM MQ Container 9.4.3.0-r2 release.\nIBM strongly recommends applying the latest container images. \n\nIBM MQ Operator v3.6.1 CD release details:\nibm-mq-operator\u00a0v3.6.1 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2\u00a0icr.io\u00a0icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\n\nIBM MQ Operator v3.2.14 SC2 release details:\nibm-mq-operator\u00a0v3.2.14 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\nibm-mqadvanced-server\u00a09.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\nibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\nibm-mqadvanced-server-dev\u00a09.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\n\nIBM MQ Container 9.4.3.0-r2 release details:\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ Operator information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-33013",
        "datePublished": "2025-07-24T14:55:04.945Z",
        "dateReserved": "2025-04-15T09:48:51.519Z",
        "dateUpdated": "2025-08-18T01:27:18.300Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36041 (GCVE-0-2025-36041)

    Vulnerability from nvd – Published: 2025-06-15 12:51 – Updated: 2025-08-24 11:52
    VLAI
    Title
    IBM MQ improper certificate validation
    Summary
    IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7236608 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM MQ Operator Affected: 2.0.0 LTS , ≤ 2.0.29 LTS (semver)
    Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.5.3 CD
    Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver)
        cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.2.12:*:*:*:support_cycle_2:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36041",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-16T13:38:47.283894Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T13:39:03.554Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.2.12:*:*:*:support_cycle_2:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.29 LTS",
                  "status": "affected",
                  "version": "2.0.0 LTS",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.5.3 CD"
                },
                {
                  "lessThanOrEqual": "3.2.10 SC2",
                  "status": "affected",
                  "version": "3.2.0 SC2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions."
                }
              ],
              "value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:52:26.288Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7236608"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.0 CD release that included IBM supplied MQ Advanced 9.4.3.0-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.13 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r3 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r1 release.\u003cbr\u003eNote: \n\nCVE-2025-36041\n\n is applicable only for IBM MQ Operator v3.6.0 CD and IBM supplied MQ Advanced 9.4.3.0-r1 container image.\u003cbr\u003e\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e"
                }
              ],
              "value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.0 CD release that included IBM supplied MQ Advanced 9.4.3.0-r1 container image. \nIBM MQ Operator v3.2.13 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r3 container image.\nIBM MQ Container 9.4.3.0-r1 release.\nNote: \n\nCVE-2025-36041\n\n is applicable only for IBM MQ Operator v3.6.0 CD and IBM supplied MQ Advanced 9.4.3.0-r1 container image.\n\nIBM strongly recommends applying the latest container images."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ improper certificate validation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36041",
        "datePublished": "2025-06-15T12:51:06.394Z",
        "dateReserved": "2025-04-15T21:16:10.568Z",
        "dateUpdated": "2025-08-24T11:52:26.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27365 (GCVE-0-2025-27365)

    Vulnerability from nvd – Published: 2025-05-01 21:24 – Updated: 2025-08-28 14:59
    VLAI
    Title
    IBM MQ Operator denial of service
    Summary
    IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10  Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7232272 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM MQ Operator Affected: 2.0.0 LTS , ≤ 2.0.29 LTS (semver)
    Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD
    Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver)
        cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27365",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-02T12:44:58.452230Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-02T12:45:05.894Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.29 LTS",
                  "status": "affected",
                  "version": "2.0.0 LTS",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD"
                },
                {
                  "lessThanOrEqual": "3.2.10 SC2",
                  "status": "affected",
                  "version": "3.2.0 SC2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eClient connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.\u003c/span\u003e"
                }
              ],
              "value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10\u00a0\n\nClient connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-28T14:59:58.108Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7232272"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Issues mentioned by this security bulletin are addressed in\u0026nbsp;\u003cbr\u003eIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.2.1-r1 release.\u003cbr\u003eIBM strongly recommends applying the latest container images."
                }
              ],
              "value": "Issues mentioned by this security bulletin are addressed in\u00a0\nIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \nIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\nIBM MQ Container 9.4.2.1-r1 release.\nIBM strongly recommends applying the latest container images."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ Operator denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-27365",
        "datePublished": "2025-05-01T21:24:24.884Z",
        "dateReserved": "2025-02-22T15:25:27.068Z",
        "dateUpdated": "2025-08-28T14:59:58.108Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1333 (GCVE-0-2025-1333)

    Vulnerability from nvd – Published: 2025-05-01 22:07 – Updated: 2025-08-28 15:00
    VLAI
    Title
    IBM MQ Operator information disclosure
    Summary
    IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-214 - Invocation of Process Using Visible Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7232272 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM MQ Operator Affected: 2.0.0 LTS , ≤ 2.0.29 LTS (semver)
    Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD
    Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver)
        cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1333",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-02T14:36:23.026891Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-02T14:36:30.042Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.29 LTS",
                  "status": "affected",
                  "version": "2.0.0 LTS",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD"
                },
                {
                  "lessThanOrEqual": "3.2.10 SC2",
                  "status": "affected",
                  "version": "3.2.0 SC2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10  and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.\u003cbr\u003e"
                }
              ],
              "value": "IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10  and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-214",
                  "description": "CWE-214 Invocation of Process Using Visible Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-28T15:00:22.174Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7232272"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Issues mentioned by this security bulletin are addressed in\u0026nbsp;\u003cbr\u003eIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.2.1-r1 release.\u003cbr\u003eIBM strongly recommends applying the latest container images."
                }
              ],
              "value": "Issues mentioned by this security bulletin are addressed in\u00a0\nIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \nIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\nIBM MQ Container 9.4.2.1-r1 release.\nIBM strongly recommends applying the latest container images."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ Operator information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-1333",
        "datePublished": "2025-05-01T22:07:08.697Z",
        "dateReserved": "2025-02-15T13:46:56.478Z",
        "dateUpdated": "2025-08-28T15:00:22.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-27256 (GCVE-0-2024-27256)

    Vulnerability from nvd – Published: 2025-01-27 16:27 – Updated: 2025-02-18 19:29
    VLAI
    Title
    IBM MQ Operator information disclosure
    Summary
    IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Operator Affected: 2.4.0 , ≤ 2.4.8 (semver)
    Affected: 2.3.0 , ≤ 2.3.3 (semver)
    Affected: 2.2.0 , ≤ 2.2.2 (semver)
    Affected: 2.0.0 LTS , ≤ 2.0.22 LTS (semver)
    Affected: 3.0.0 CD, 3.0.1 CD
    Affected: 3.1.0 CD , ≤ 3.1.3 CD (semver)
        cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.22:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.2.0:*:*:*:-:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.2.2:*:*:*:-:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.3.0:*:*:*:-:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.3.3:*:*:*:-:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.4.0:*:*:*:-:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.4.8:*:*:*:-:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-27256",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T16:38:52.951975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T19:29:12.435Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.22:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.2.0:*:*:*:-:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.2.2:*:*:*:-:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.3.0:*:*:*:-:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.3.3:*:*:*:-:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.4.0:*:*:*:-:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.4.8:*:*:*:-:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.8",
                  "status": "affected",
                  "version": "2.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "2.3.3",
                  "status": "affected",
                  "version": "2.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "2.2.2",
                  "status": "affected",
                  "version": "2.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "2.0.22 LTS",
                  "status": "affected",
                  "version": "2.0.0 LTS",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "3.0.0 CD, 3.0.1 CD"
                },
                {
                  "lessThanOrEqual": "3.1.3 CD",
                  "status": "affected",
                  "version": "3.1.0 CD",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and\u0026nbsp;2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
                }
              ],
              "value": "IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and\u00a02.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-27T16:27:53.275Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7157667"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ Operator information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-27256",
        "datePublished": "2025-01-27T16:27:53.275Z",
        "dateReserved": "2024-02-22T01:26:15.968Z",
        "dateUpdated": "2025-02-18T19:29:12.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-40681 (GCVE-0-2024-40681)

    Vulnerability from nvd – Published: 2024-09-07 14:09 – Updated: 2024-10-31 16:31
    VLAI
    Title
    IBM MQ security bypass
    Summary
    IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
        cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40681",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T14:10:20.594086Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T14:10:29.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager."
                }
              ],
              "value": "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "CWE-266 Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-31T16:31:36.738Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7167732"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ security bypass",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-40681",
        "datePublished": "2024-09-07T14:09:19.767Z",
        "dateReserved": "2024-07-08T19:30:52.529Z",
        "dateUpdated": "2024-10-31T16:31:36.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-33013 (GCVE-0-2025-33013)

    Vulnerability from cvelistv5 – Published: 2025-07-24 14:55 – Updated: 2025-08-18 01:27
    VLAI
    Title
    IBM MQ Operator information disclosure
    Summary
    IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7240431 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM MQ Operator Affected: 2.0.0 LTS , ≤ 2.0.29 LTS (semver)
        cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*
    Create a notification for this product.
    IBM MQ Operator Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD
        cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*
    Create a notification for this product.
    IBM MQ Operator Affected: 3.2.0 SC2 , ≤ 3.2.13 SC2 (semver)
        cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33013",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-24T15:03:40.272604Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-24T15:03:48.993Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.29 LTS",
                  "status": "affected",
                  "version": "2.0.0 LTS",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.13 SC2",
                  "status": "affected",
                  "version": "3.2.0 SC2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release."
                }
              ],
              "value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-244",
                  "description": "CWE-244 Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T01:27:18.300Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7240431"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release.\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.6.1 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2\u0026nbsp;icr.io\u0026nbsp;icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.2.14 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\u003cbr\u003eibm-mqadvanced-server\u0026nbsp;9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\u003cbr\u003e\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release details:\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e"
                }
              ],
              "value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \nIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\nIBM MQ Container 9.4.3.0-r2 release.\nIBM strongly recommends applying the latest container images. \n\nIBM MQ Operator v3.6.1 CD release details:\nibm-mq-operator\u00a0v3.6.1 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2\u00a0icr.io\u00a0icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\n\nIBM MQ Operator v3.2.14 SC2 release details:\nibm-mq-operator\u00a0v3.2.14 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\nibm-mqadvanced-server\u00a09.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\nibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\nibm-mqadvanced-server-dev\u00a09.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\n\nIBM MQ Container 9.4.3.0-r2 release details:\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ Operator information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-33013",
        "datePublished": "2025-07-24T14:55:04.945Z",
        "dateReserved": "2025-04-15T09:48:51.519Z",
        "dateUpdated": "2025-08-18T01:27:18.300Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36005 (GCVE-0-2025-36005)

    Vulnerability from cvelistv5 – Published: 2025-07-24 14:52 – Updated: 2025-08-17 01:24
    VLAI
    Title
    IBM MQ Operator information disclosure
    Summary
    IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7240431 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM MQ Operator Affected: 2.0.0 LTS , ≤ 2.0.29 LTS (semver)
        cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*
    Create a notification for this product.
    IBM MQ Operator Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD
        cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*
    Create a notification for this product.
    IBM MQ Operator Affected: 3.2.0 SC2 , ≤ 3.2.13 SC2 (semver)
        cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-24T15:03:30.894944Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-24T15:04:05.741Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.29 LTS",
                  "status": "affected",
                  "version": "2.0.0 LTS",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.13 SC2",
                  "status": "affected",
                  "version": "3.2.0 SC2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation."
                }
              ],
              "value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-17T01:24:38.369Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7240431"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release.\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.6.1 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2\u0026nbsp;icr.io\u0026nbsp;icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.2.14 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\u003cbr\u003eibm-mqadvanced-server\u0026nbsp;9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\u003cbr\u003e\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release details:\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e"
                }
              ],
              "value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \nIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\nIBM MQ Container 9.4.3.0-r2 release.\nIBM strongly recommends applying the latest container images. \n\nIBM MQ Operator v3.6.1 CD release details:\nibm-mq-operator\u00a0v3.6.1 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2\u00a0icr.io\u00a0icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\n\nIBM MQ Operator v3.2.14 SC2 release details:\nibm-mq-operator\u00a0v3.2.14 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\nibm-mqadvanced-server\u00a09.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\nibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\nibm-mqadvanced-server-dev\u00a09.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\n\nIBM MQ Container 9.4.3.0-r2 release details:\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ Operator information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36005",
        "datePublished": "2025-07-24T14:52:53.238Z",
        "dateReserved": "2025-04-15T21:16:05.532Z",
        "dateUpdated": "2025-08-17T01:24:38.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36041 (GCVE-0-2025-36041)

    Vulnerability from cvelistv5 – Published: 2025-06-15 12:51 – Updated: 2025-08-24 11:52
    VLAI
    Title
    IBM MQ improper certificate validation
    Summary
    IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7236608 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM MQ Operator Affected: 2.0.0 LTS , ≤ 2.0.29 LTS (semver)
    Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.5.3 CD
    Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver)
        cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.2.12:*:*:*:support_cycle_2:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36041",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-16T13:38:47.283894Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T13:39:03.554Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.2.12:*:*:*:support_cycle_2:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.29 LTS",
                  "status": "affected",
                  "version": "2.0.0 LTS",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.5.3 CD"
                },
                {
                  "lessThanOrEqual": "3.2.10 SC2",
                  "status": "affected",
                  "version": "3.2.0 SC2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions."
                }
              ],
              "value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:52:26.288Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7236608"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.0 CD release that included IBM supplied MQ Advanced 9.4.3.0-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.13 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r3 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r1 release.\u003cbr\u003eNote: \n\nCVE-2025-36041\n\n is applicable only for IBM MQ Operator v3.6.0 CD and IBM supplied MQ Advanced 9.4.3.0-r1 container image.\u003cbr\u003e\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e"
                }
              ],
              "value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.0 CD release that included IBM supplied MQ Advanced 9.4.3.0-r1 container image. \nIBM MQ Operator v3.2.13 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r3 container image.\nIBM MQ Container 9.4.3.0-r1 release.\nNote: \n\nCVE-2025-36041\n\n is applicable only for IBM MQ Operator v3.6.0 CD and IBM supplied MQ Advanced 9.4.3.0-r1 container image.\n\nIBM strongly recommends applying the latest container images."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ improper certificate validation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36041",
        "datePublished": "2025-06-15T12:51:06.394Z",
        "dateReserved": "2025-04-15T21:16:10.568Z",
        "dateUpdated": "2025-08-24T11:52:26.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1333 (GCVE-0-2025-1333)

    Vulnerability from cvelistv5 – Published: 2025-05-01 22:07 – Updated: 2025-08-28 15:00
    VLAI
    Title
    IBM MQ Operator information disclosure
    Summary
    IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-214 - Invocation of Process Using Visible Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7232272 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM MQ Operator Affected: 2.0.0 LTS , ≤ 2.0.29 LTS (semver)
    Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD
    Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver)
        cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1333",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-02T14:36:23.026891Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-02T14:36:30.042Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.29 LTS",
                  "status": "affected",
                  "version": "2.0.0 LTS",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD"
                },
                {
                  "lessThanOrEqual": "3.2.10 SC2",
                  "status": "affected",
                  "version": "3.2.0 SC2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10  and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.\u003cbr\u003e"
                }
              ],
              "value": "IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10  and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-214",
                  "description": "CWE-214 Invocation of Process Using Visible Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-28T15:00:22.174Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7232272"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Issues mentioned by this security bulletin are addressed in\u0026nbsp;\u003cbr\u003eIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.2.1-r1 release.\u003cbr\u003eIBM strongly recommends applying the latest container images."
                }
              ],
              "value": "Issues mentioned by this security bulletin are addressed in\u00a0\nIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \nIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\nIBM MQ Container 9.4.2.1-r1 release.\nIBM strongly recommends applying the latest container images."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ Operator information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-1333",
        "datePublished": "2025-05-01T22:07:08.697Z",
        "dateReserved": "2025-02-15T13:46:56.478Z",
        "dateUpdated": "2025-08-28T15:00:22.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27365 (GCVE-0-2025-27365)

    Vulnerability from cvelistv5 – Published: 2025-05-01 21:24 – Updated: 2025-08-28 14:59
    VLAI
    Title
    IBM MQ Operator denial of service
    Summary
    IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10  Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7232272 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM MQ Operator Affected: 2.0.0 LTS , ≤ 2.0.29 LTS (semver)
    Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD
    Affected: 3.2.0 SC2 , ≤ 3.2.10 SC2 (semver)
        cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27365",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-02T12:44:58.452230Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-02T12:45:05.894Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.2.10:*:*:*:support_cycle_2:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.29 LTS",
                  "status": "affected",
                  "version": "2.0.0 LTS",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD"
                },
                {
                  "lessThanOrEqual": "3.2.10 SC2",
                  "status": "affected",
                  "version": "3.2.0 SC2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eClient connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.\u003c/span\u003e"
                }
              ],
              "value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10\u00a0\n\nClient connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-28T14:59:58.108Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7232272"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Issues mentioned by this security bulletin are addressed in\u0026nbsp;\u003cbr\u003eIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.2.1-r1 release.\u003cbr\u003eIBM strongly recommends applying the latest container images."
                }
              ],
              "value": "Issues mentioned by this security bulletin are addressed in\u00a0\nIBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. \nIBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image.\nIBM MQ Container 9.4.2.1-r1 release.\nIBM strongly recommends applying the latest container images."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ Operator denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-27365",
        "datePublished": "2025-05-01T21:24:24.884Z",
        "dateReserved": "2025-02-22T15:25:27.068Z",
        "dateUpdated": "2025-08-28T14:59:58.108Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-27256 (GCVE-0-2024-27256)

    Vulnerability from cvelistv5 – Published: 2025-01-27 16:27 – Updated: 2025-02-18 19:29
    VLAI
    Title
    IBM MQ Operator information disclosure
    Summary
    IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Operator Affected: 2.4.0 , ≤ 2.4.8 (semver)
    Affected: 2.3.0 , ≤ 2.3.3 (semver)
    Affected: 2.2.0 , ≤ 2.2.2 (semver)
    Affected: 2.0.0 LTS , ≤ 2.0.22 LTS (semver)
    Affected: 3.0.0 CD, 3.0.1 CD
    Affected: 3.1.0 CD , ≤ 3.1.3 CD (semver)
        cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.0.22:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.2.0:*:*:*:-:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.2.2:*:*:*:-:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.3.0:*:*:*:-:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.3.3:*:*:*:-:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.4.0:*:*:*:-:*:*:*
        cpe:2.3:a:ibm:mq_operator:2.4.8:*:*:*:-:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-27256",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T16:38:52.951975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T19:29:12.435Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.0.22:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.2.0:*:*:*:-:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.2.2:*:*:*:-:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.3.0:*:*:*:-:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.3.3:*:*:*:-:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.4.0:*:*:*:-:*:*:*",
                "cpe:2.3:a:ibm:mq_operator:2.4.8:*:*:*:-:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ Operator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.8",
                  "status": "affected",
                  "version": "2.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "2.3.3",
                  "status": "affected",
                  "version": "2.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "2.2.2",
                  "status": "affected",
                  "version": "2.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "2.0.22 LTS",
                  "status": "affected",
                  "version": "2.0.0 LTS",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "3.0.0 CD, 3.0.1 CD"
                },
                {
                  "lessThanOrEqual": "3.1.3 CD",
                  "status": "affected",
                  "version": "3.1.0 CD",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and\u0026nbsp;2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
                }
              ],
              "value": "IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and\u00a02.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-27T16:27:53.275Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7157667"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ Operator information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-27256",
        "datePublished": "2025-01-27T16:27:53.275Z",
        "dateReserved": "2024-02-22T01:26:15.968Z",
        "dateUpdated": "2025-02-18T19:29:12.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-40681 (GCVE-0-2024-40681)

    Vulnerability from cvelistv5 – Published: 2024-09-07 14:09 – Updated: 2024-10-31 16:31
    VLAI
    Title
    IBM MQ security bypass
    Summary
    IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Affected: 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
        cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40681",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T14:10:20.594086Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T14:10:29.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:mq_appliance:9.1:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.2:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.3:*:*:*:continuous_delivery:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:mq_appliance:9.4:*:*:*:continuous_delivery:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "MQ",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager."
                }
              ],
              "value": "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "CWE-266 Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-31T16:31:36.738Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7167732"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM MQ security bypass",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-40681",
        "datePublished": "2024-09-07T14:09:19.767Z",
        "dateReserved": "2024-07-08T19:30:52.529Z",
        "dateUpdated": "2024-10-31T16:31:36.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }