CVE-2024-39742 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
ibm	CNA	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 43%

Vendor	Product	Version
ibm	mq_operator	2.0.0 ≤ 𝑥 < 2.0.24
ibm	mq_operator	2.2.0 ≤ 𝑥 ≤ 2.2.2
ibm	mq_operator	2.3.0 ≤ 𝑥 ≤ 2.3.3
ibm	mq_operator	2.4.0 ≤ 𝑥 ≤ 2.4.8
ibm	mq_operator	3.1.0 ≤ 𝑥 ≤ 3.1.3
ibm	mq_operator	3.2.0 ≤ 𝑥 < 3.2.2
ibm	mq_operator	3.0.0
ibm	mq_operator	3.0.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-187 - Partial String Comparison
The software performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.
CWE-697 - Incorrect Comparison
The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/297169

https://www.ibm.com/support/pages/node/7159714

https://exchange.xforce.ibmcloud.com/vulnerabilities/297169

https://www.ibm.com/support/pages/node/7159714