CVE-2024-27256

Name of the Vulnerable Software and Affected Versions IBM MQ Container versions 2.0.0 through 2.0.22, 2.2.0 through 2.2.2, 2.3.0 through 2.3.3, 2.4.0 through 2.4.8, 3.0.0, 3.0.1, 3.1.0 through 3.1.3

Description The issue is related to the use of weaker than expected cryptographic algorithms in the IBM MQ Operator, which could allow a remote attacker to decrypt highly sensitive information.

Recommendations For IBM MQ Container versions 2.0.0 through 2.0.22, update to a version that uses stronger cryptographic algorithms. For IBM MQ Container versions 2.2.0 through 2.2.2, update to a version that uses stronger cryptographic algorithms. For IBM MQ Container versions 2.3.0 through 2.3.3, update to a version that uses stronger cryptographic algorithms. For IBM MQ Container versions 2.4.0 through 2.4.8, update to a version that uses stronger cryptographic algorithms. For IBM MQ Container versions 3.0.0, 3.0.1, update to a version that uses stronger cryptographic algorithms. For IBM MQ Container versions 3.1.0 through 3.1.3, update to a version that uses stronger cryptographic algorithms.