CVE-2024-40681

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
ibmCNA
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
ibmmq_operator
2.0.0 ≤
𝑥
≤ 2.0.25
ibmmq_operator
2.2.0 ≤
𝑥
≤ 2.2.2
ibmmq_operator
2.3.0 ≤
𝑥
≤ 2.3.3
ibmmq_operator
2.4.0 ≤
𝑥
≤ 2.4.8
ibmmq_operator
3.1.0 ≤
𝑥
≤ 3.1.3
ibmmq_operator
3.2.0 ≤
𝑥
≤ 3.2.3
ibmmq_operator
3.0.0
ibmmq_operator
3.0.1
ibmsupplied_mq_advanced_container_images
9.2.0.1:r1-eus
ibmsupplied_mq_advanced_container_images
9.2.0.1:r1-eus
ibmsupplied_mq_advanced_container_images
9.2.0.2:r1-eus
ibmsupplied_mq_advanced_container_images
9.2.0.2:r1-eus
ibmsupplied_mq_advanced_container_images
9.2.0.2:r2-eus
ibmsupplied_mq_advanced_container_images
9.2.0.2:r2-eus
ibmsupplied_mq_advanced_container_images
9.2.0.4:r1-eus
ibmsupplied_mq_advanced_container_images
9.2.0.4:r1-eus
ibmsupplied_mq_advanced_container_images
9.2.0.5:r1-eus
ibmsupplied_mq_advanced_container_images
9.2.0.5:r1-eus
ibmsupplied_mq_advanced_container_images
9.2.0.5:r2-eus
ibmsupplied_mq_advanced_container_images
9.2.0.5:r2-eus
ibmsupplied_mq_advanced_container_images
9.2.0.5:r3-eus
ibmsupplied_mq_advanced_container_images
9.2.0.5:r3-eus
ibmsupplied_mq_advanced_container_images
9.2.0.6:r1-eus
ibmsupplied_mq_advanced_container_images
9.2.0.6:r1-eus
ibmsupplied_mq_advanced_container_images
9.2.0.6:r2-eus
ibmsupplied_mq_advanced_container_images
9.2.0.6:r2-eus
ibmsupplied_mq_advanced_container_images
9.2.0.6:r3-eus
ibmsupplied_mq_advanced_container_images
9.2.0.6:r3-eus
ibmsupplied_mq_advanced_container_images
9.2.3.0:r1
ibmsupplied_mq_advanced_container_images
9.2.4.0:r1
ibmsupplied_mq_advanced_container_images
9.2.4.0:r1
ibmsupplied_mq_advanced_container_images
9.2.5.0:r1
ibmsupplied_mq_advanced_container_images
9.2.5.0:r1
ibmsupplied_mq_advanced_container_images
9.2.5.0:r2
ibmsupplied_mq_advanced_container_images
9.2.5.0:r2
ibmsupplied_mq_advanced_container_images
9.2.5.0:r3
ibmsupplied_mq_advanced_container_images
9.2.5.0:r3
ibmsupplied_mq_advanced_container_images
9.3.0.0:r1
ibmsupplied_mq_advanced_container_images
9.3.0.0:r1
ibmsupplied_mq_advanced_container_images
9.3.0.0:r2
ibmsupplied_mq_advanced_container_images
9.3.0.0:r2
ibmsupplied_mq_advanced_container_images
9.3.0.0:r3
ibmsupplied_mq_advanced_container_images
9.3.0.0:r3
ibmsupplied_mq_advanced_container_images
9.3.0.1:r1
ibmsupplied_mq_advanced_container_images
9.3.0.1:r1
ibmsupplied_mq_advanced_container_images
9.3.0.1:r2
ibmsupplied_mq_advanced_container_images
9.3.0.1:r2
ibmsupplied_mq_advanced_container_images
9.3.0.1:r3
ibmsupplied_mq_advanced_container_images
9.3.0.1:r3
ibmsupplied_mq_advanced_container_images
9.3.0.1:r4
ibmsupplied_mq_advanced_container_images
9.3.0.1:r4
ibmsupplied_mq_advanced_container_images
9.3.0.3:r1
ibmsupplied_mq_advanced_container_images
9.3.0.3:r1
ibmsupplied_mq_advanced_container_images
9.3.0.4:r1
ibmsupplied_mq_advanced_container_images
9.3.0.4:r1
ibmsupplied_mq_advanced_container_images
9.3.0.4:r2
ibmsupplied_mq_advanced_container_images
9.3.0.4:r2
ibmsupplied_mq_advanced_container_images
9.3.0.5:r1
ibmsupplied_mq_advanced_container_images
9.3.0.5:r1
ibmsupplied_mq_advanced_container_images
9.3.0.5:r2
ibmsupplied_mq_advanced_container_images
9.3.0.5:r3
ibmsupplied_mq_advanced_container_images
9.3.0.6:r1
ibmsupplied_mq_advanced_container_images
9.3.0.6:r1
ibmsupplied_mq_advanced_container_images
9.3.0.10:r1
ibmsupplied_mq_advanced_container_images
9.3.0.10:r2
ibmsupplied_mq_advanced_container_images
9.3.0.10:r3
ibmsupplied_mq_advanced_container_images
9.3.0.11:r1
ibmsupplied_mq_advanced_container_images
9.3.0.11:r2
ibmsupplied_mq_advanced_container_images
9.3.0.15:r1
ibmsupplied_mq_advanced_container_images
9.3.0.16:r1
ibmsupplied_mq_advanced_container_images
9.3.0.16:r2
ibmsupplied_mq_advanced_container_images
9.3.0.17:r1
ibmsupplied_mq_advanced_container_images
9.3.0.17:r2
ibmsupplied_mq_advanced_container_images
9.3.0.17:r3
ibmsupplied_mq_advanced_container_images
9.3.0.20:r1
ibmsupplied_mq_advanced_container_images
9.3.0.20:r2
ibmsupplied_mq_advanced_container_images
9.3.1.0:r1
ibmsupplied_mq_advanced_container_images
9.3.1.1:r1
ibmsupplied_mq_advanced_container_images
9.3.2.0:r1
ibmsupplied_mq_advanced_container_images
9.3.2.0:r2
ibmsupplied_mq_advanced_container_images
9.3.2.1:r1
ibmsupplied_mq_advanced_container_images
9.3.2.1:r2
ibmsupplied_mq_advanced_container_images
9.3.3.0:r1
ibmsupplied_mq_advanced_container_images
9.3.3.0:r2
ibmsupplied_mq_advanced_container_images
9.3.3.1:r1
ibmsupplied_mq_advanced_container_images
9.3.3.1:r2
ibmsupplied_mq_advanced_container_images
9.3.3.2:r1
ibmsupplied_mq_advanced_container_images
9.3.3.2:r2
ibmsupplied_mq_advanced_container_images
9.3.3.2:r3
ibmsupplied_mq_advanced_container_images
9.3.3.3:r1
ibmsupplied_mq_advanced_container_images
9.3.3.3:r2
ibmsupplied_mq_advanced_container_images
9.3.4.0:r1
ibmsupplied_mq_advanced_container_images
9.3.4.1:r1
ibmsupplied_mq_advanced_container_images
9.3.5.0:r1
ibmsupplied_mq_advanced_container_images
9.3.5.0:r2
ibmsupplied_mq_advanced_container_images
9.3.5.1:r1
ibmsupplied_mq_advanced_container_images
9.3.5.1:r2
ibmsupplied_mq_advanced_container_images
9.4.0.0:r1
ibmsupplied_mq_advanced_container_images
9.4.0.0:r2
ibmsupplied_mq_advanced_container_images
9.4.0.0:r3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7167732