PT-2024-28983 · IBM · IBM MQ Operator +1
Published: 2024-09-07 · Updated: 2025-08-15
CVE-2024-40681
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IBM MQ versions 9.1 LTS through 9.4 CD
IBM MQ Operator versions 2.0.26 through 3.2.4
Description
The issue allows an authenticated user in a specifically defined role to bypass security restrictions and execute actions against the queue manager.
Recommendations
For IBM MQ versions 9.1 LTS through 9.4 CD, update to a version that includes the security fix for this issue.
For IBM MQ Operator versions 2.0.26 through 3.2.4, update to a version that includes the security fix for this issue.
As a temporary workaround, consider restricting access to the queue manager for authenticated users with specifically defined roles until a patch is available.
Fix
Incorrect Privilege Assignment
Weakness Enumeration
Related Identifiers
Affected Products
IBM MQ
IBM MQ Operator