CVE-2024-40681

Summary

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.

Affected Software

VendorProductVersion RangeStatus
IBMMQ9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CDaffected

Weaknesses

  • CWE-266: CWE-266 Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References