Rewterz Threat Advisory – Multiple IBM MQ and QRadar Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-27255 CVSS:5.9

IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CVE-2024-25016 CVSS:7.5

IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic.

CVE-2024-22355 CVSS:5.9

IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

CVE-2023-47742 CVSS:5.9

IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man in the middle techniques due to not correctly enforcing all aspects of certificate validation in some circumstances.

Impact

• Denial of Service
• Information Disclosure

Indicators Of Compromise

CVE

• CVE-2024-27255
• CVE-2024-25016
• CVE-2024-22355
• CVE-2023-47742

Affected Vendors

IBM

Affected Products

• IBM Cloud Pak for Security 1.10.0.0
• IBM MQ 9.0 LTS
• IBM MQ 9.1 LTS
• IBM MQ 9.2 LTS
• IBM MQ 9.3 LTS
• IBM MQ 9.3 CD
• IBM Cloud Pak for Security 1.10.11.0
• IBM QRadar Suite Software 1.10.12.0
• IBM MQ Operator 2.3.0
• IBM MQ Operator 2.3.3
• IBM MQ Operator 2.0.0
• IBM MQ Operator 2.4.0
• IBM MQ Operator 2.2.0
• IBM MQ Operator 2.2.2
• IBM MQ Operator 3.0.0
• IBM MQ Operator 2.0.18
• IBM MQ Operator 2.4.7
• IBM MQ Operator 3.0.1
• IBM QRadar Suite Software 1.10.18.0

Remediation

Refer to IBM Security Advisory for patch, upgrade or suggested workaround information

CVE-2024-27255

CVE-2024-25016

CVE-2024-22355

CVE-2023-47742