IBM MQ Container Cryptographic Vulnerability Allowing Decryption of Sensitive Information

Vulnerability

A vulnerability exists in IBM MQ Container versions 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS, as well as 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, and 2.2.0 through 2.2.2. These versions use cryptographic algorithms that are weaker than expected, potentially allowing an attacker to decrypt highly sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized decryption of sensitive information, allowing attackers to access confidential data that should be protected.

Remediation

Users can upgrade to IBM MQ Operator v3.2.0 CD or v2.0.23 LTS, both of which include the necessary fix. Details for these versions are available in the IBM Support Security Bulletin.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.2
impact: 2.5
exploitability: 4.7
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.