PT-2024-2028 · IBM · IBM MQ Operator

Published: 2024-03-03 · Updated: 2024-12-23 · CVE-2023-47745

CVSS v3.1: 6.2 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM MQ Operator versions 2.0.0 LTS through 2.0.18 LTS
IBM MQ Operator versions 2.2.0 through 2.2.2
IBM MQ Operator versions 2.3.0 through 2.3.3
IBM MQ Operator versions 2.4.0 through 2.4.7
IBM MQ Operator versions 3.0.0 CD through 3.0.1 CD

Description

The issue is related to the storage or transmission of critical information in clear text, which a local user can read using a trace command. This may allow an attacker to disclose protected information.

Recommendations

For each affected release line, update to a version that does not store or transmit user credentials in clear text:

IBM MQ Operator versions 2.0.0 LTS through 2.0.18 LTS
IBM MQ Operator versions 2.2.0 through 2.2.2
IBM MQ Operator versions 2.3.0 through 2.3.3
IBM MQ Operator versions 2.4.0 through 2.4.7
IBM MQ Operator versions 3.0.0 CD through 3.0.1 CD

As a temporary workaround, consider restricting access to the trace command to minimize the risk of exploitation.

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

BDU:2024-01893
CVE-2023-47745

Affected Products

IBM MQ Operator