CVE-2024-27256 — Use of a Broken or Risky Cryptographic Algorithm in IBM Supplied MQ Advanced Container Images

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm3 documents3 sources

Severity

7.5HIGHNVD

CNA5.9

EPSS

0.1%

top 74.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM MQ Operator IBM Supplied MQ Advanced Container Images

Timeline

PublishedJan 27

Description

IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDibm/supplied_mq_advanced_container_images31 versions+30

▶CVEListV5ibm/mq_operator2.4.0 — 2.4.8+5

▶NVDibm/mq_operator2.0.0 — 2.0.22+6

🔴Vulnerability Details

CVEList

IBM MQ Operator information disclosure↗2025-01-27

▶

GHSA

GHSA-p373-f88m-9rm3: IBM MQ Container 3↗2025-01-27

▶