High

Analysis Summary

CVE-2024-39742 CVSS:8.1

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability.

CVE-2024-39743 CVSS:5.9

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to cause a denial of service under certain configurations due to a partial string comparison vulnerability.

Impact

• Denial of Service
• Gain Access

Indicators of Compromise

CVE

• CVE-2024-39742
• CVE-2024-39743

Affected Vendors

Remediation

Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.

IBM Security Advisory