Severity
Medium
Analysis Summary
CVE-2024-27255 CVSS:5.9
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2024-25016 CVSS:7.5
IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic.
CVE-2024-22355 CVSS:5.9
IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVE-2023-47742 CVSS:5.9
IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man in the middle techniques due to not correctly enforcing all aspects of certificate validation in some circumstances.
Impact
- Denial of Service
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2024-27255
- CVE-2024-25016
- CVE-2024-22355
- CVE-2023-47742
Affected Vendors
IBM
Affected Products
- IBM Cloud Pak for Security 1.10.0.0
- IBM MQ 9.0 LTS
- IBM MQ 9.1 LTS
- IBM MQ 9.2 LTS
- IBM MQ 9.3 LTS
- IBM MQ 9.3 CD
- IBM Cloud Pak for Security 1.10.11.0
- IBM QRadar Suite Software 1.10.12.0
- IBM MQ Operator 2.3.0
- IBM MQ Operator 2.3.3
- IBM MQ Operator 2.0.0
- IBM MQ Operator 2.4.0
- IBM MQ Operator 2.2.0
- IBM MQ Operator 2.2.2
- IBM MQ Operator 3.0.0
- IBM MQ Operator 2.0.18
- IBM MQ Operator 2.4.7
- IBM MQ Operator 3.0.1
- IBM QRadar Suite Software 1.10.18.0
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information