Severity
Medium
Analysis Summary
CVE-2024-40681 CVSS:7.5
IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.
CVE-2024-40680 CVSS:5.5
IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.
CVE-2024-37068 CVSS:5.9
IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Impact
- Security Bypass
- Denial of Service
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-40681
- CVE-2024-40680
- CVE-2024-37068
Affected Vendors
IBM
Affected Products
- IBM Maximo Application Suite 8.10
- IBM Maximo Application Suite 8.11
- IBM MQ container software IBM MQ Operator v3.2.4
- IBM MQ container software IBM MQ Operator v2.0.26
- IBM IBM MQ Operator 3.2.4
- IBM IBM MQ Operator 2.0.6
- IBM Maximo Application Suite 9.0
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.