IBM MQ Operator vulnerabilities

13 known vulnerabilities affecting ibm/mq_operator.

Total CVEs: 13
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 4, MEDIUM 7

Vulnerabilities

CVE-2025-12755 | MEDIUM | CVSS 4.0 | ≥ SC2: v3.2.0, ≤ 3.2.21; ≥ CD: v3.3.0, ≤ 3.8.1; +1 more | 2026-02-17
CWE-117: IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.x–9.4.x releases) contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized user to inject malicious data into MQ log entries,
cvelistv5, nvd

CVE-2025-36005 | MEDIUM | CVSS 6.5 | ≥ 2.0.0, ≤ 2.0.29; ≥ 3.2.0, ≤ 3.2.13; +8 more | 2025-07-24
CWE-295: IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper c
cvelistv5, nvd

CVE-2025-33013 | MEDIUM | CVSS 5.5 | ≥ 2.0.0, ≤ 2.0.29; ≥ 3.2.0, ≤ 3.2.13; +8 more | 2025-07-24
CWE-244: IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release.
cvelistv5, nvd

CVE-2025-36041 | CRITICAL | CVSS 9.8 | ≥ 2.0.0, ≤ 2.0.29; ≥ 2.2.0, ≤ 2.2.2; +14 more | 2025-06-15
CWE-295: IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform
cvelistv5, nvd

CVE-2025-27365 | MEDIUM | CVSS 6.5 | ≥ 2.0.0, ≤ 2.0.29; ≥ 2.2.0, ≤ 2.2.2; +14 more | 2025-05-01
CWE-416: IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.
cvelistv5, nvd

CVE-2025-1333 | MEDIUM | CVSS 6.5 | ≥ 2.0.0, ≤ 2.0.29; ≥ 2.2.0, ≤ 2.2.2; +14 more | 2025-05-01
CWE-214: IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.
cvelistv5, nvd

CVE-2024-27256 | HIGH | CVSS 7.5 | ≥ 2.0.0, ≤ 2.0.22; ≥ 2.2.0, ≤ 2.2.2; +8 more | 2025-01-27
CWE-327: IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
cvelistv5, nvd

CVE-2024-40681 | HIGH | CVSS 8.8 | ≥ 2.0.0, ≤ 2.0.25; ≥ 2.2.0, ≤ 2.2.2; +6 more | 2024-09-07
CWE-266: IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role to bypass security restrictions and execute actions against the queue manager.
nvd

CVE-2024-40680 | MEDIUM | CVSS 5.5 | v2.0.26; v3.2.4 | 2024-09-07
CWE-789: IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.
nvd

CVE-2024-39742 | CRITICAL | CVSS 9.8 | ≥ 2.0.0, < 2.0.24; ≥ 2.2.0, ≤ 2.2.2; +7 more | 2024-07-08
CWE-187: IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169.
cvelistv5, nvd

CVE-2024-39743 | HIGH | CVSS 7.5 | ≥ 2.0.0, < 2.0.24; ≥ 2.2.0, ≤ 2.2.2; +7 more | 2024-07-08
CWE-405: IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172.
cvelistv5, nvd

CVE-2024-27255 | HIGH | CVSS 7.5 | ≥ 2.2.0, ≤ 2.2.2; ≥ 2.3.0, ≤ 2.3.3; +7 more | 2024-03-03
CWE-327: IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905.
cvelistv5, nvd

CVE-2023-47745 | MEDIUM | CVSS 5.5 | ≥ 2.2.0, ≤ 2.2.2; ≥ 2.3.0, ≤ 2.3.3; +7 more | 2024-03-03
CWE-319: IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638.
cvelistv5, nvd