IBM MQ Operator Heap Memory Vulnerability Leading to Sensitive Information Disclosure

Vulnerability

A vulnerability exists in multiple versions of IBM MQ Operator, including LTS, CD, and SC2 distributions. The issue arises from improper management of heap memory, which can result in the unintentional disclosure of sensitive information to local users.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information.

Remediation

Users can upgrade to IBM MQ Operator v3.6.1 for CD releases or v3.2.14 for SC2 releases. Details for these versions are available in the IBM Support Security Bulletin.

Added: Jul 24, 2025, 6:09 PM
Updated: Jul 24, 2025, 6:09 PM

Vulnerability Rating

Custom Algorithm

spread: 1.2
impact: 2.5
exploitability: 4.7
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.