CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-36041 – IBM MQ improper certificate validation
https://notcve.org/view.php?id=CVE-2025-36041
15 Jun 2025 — IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions. • https://www.ibm.com/support/pages/node/7236608 • CWE-295: Improper Certificate Validation •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1333 – IBM MQ Operator information disclosure
https://notcve.org/view.php?id=CVE-2025-1333
01 May 2025 — IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user. • https://www.ibm.com/support/pages/node/7232272 • CWE-214: Invocation of Process Using Visible Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27365 – IBM MQ Operator denial of service
https://notcve.org/view.php?id=CVE-2025-27365
01 May 2025 — IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. • https://www.ibm.com/support/pages/node/7232272 • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27256 – IBM MQ Operator information disclosure
https://notcve.org/view.php?id=CVE-2024-27256
27 Jan 2025 — IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt ... • https://www.ibm.com/support/pages/node/7157667 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40681 – IBM MQ security bypass
https://notcve.org/view.php?id=CVE-2024-40681
07 Sep 2024 — IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager. IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager. • https://www.ibm.com/support/pages/node/7167732 • CWE-266: Incorrect Privilege Assignment •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40680 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2024-40680
07 Sep 2024 — IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. • https://exchange.xforce.ibmcloud.com/vulnerabilities/297611 • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39742 – IBM MQ Container authentication bypass
https://notcve.org/view.php?id=CVE-2024-39742
08 Jul 2024 — IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169. • https://exchange.xforce.ibmcloud.com/vulnerabilities/297169 • CWE-187: Partial String Comparison •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39743 – IBM MQ Container denial of service
https://notcve.org/view.php?id=CVE-2024-39743
08 Jul 2024 — IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172. IBM MQ Operador 3.2.2 e IBM MQ Operador 2.0.24 podrían permitir a un usuario provocar una denegación de servicio en determinadas configuraciones debido a una vulnerabilidad de comparación de cadenas parciales. ID de IBM X-Force... • https://exchange.xforce.ibmcloud.com/vulnerabilities/297172 • CWE-405: Asymmetric Resource Consumption (Amplification) •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2023-47745 – IBM MQ Container information disclosure
https://notcve.org/view.php?id=CVE-2023-47745
03 Mar 2024 — IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638. • https://exchange.xforce.ibmcloud.com/vulnerabilities/272638 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27255 – IBM MQ Container information disclosure
https://notcve.org/view.php?id=CVE-2024-27255
03 Mar 2024 — IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905. • https://exchange.xforce.ibmcloud.com/vulnerabilities/283905 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •