CVE-2024-27256

Summary

IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Affected Software

VendorProductVersion RangeStatus
IBMMQ Operator2.4.0 <= 2.4.8affected
IBMMQ Operator2.3.0 <= 2.3.3affected
IBMMQ Operator2.2.0 <= 2.2.2affected
IBMMQ Operator2.0.0 LTS <= 2.0.22 LTSaffected
IBMMQ Operator3.0.0 CD, 3.0.1 CDaffected
IBMMQ Operator3.1.0 CD <= 3.1.3 CDaffected

Weaknesses

  • CWE-327: CWE-327 Use of a Broken or Risky Cryptographic Algorithm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References