CVE-2024-39742: IBM MQ Container authentication bypass

First published: Fri Jul 05 2024(Updated: )

IBM MQ Container Developer Edition 3.2.0 and IBM MQ Container Developer Edition 3.2.1 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169.

Credit: psirt@us.ibm.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/title
• agent/references
• agent/weakness
• agent/type
• agent/first-publish-date
• agent/softwarecombine
• agent/severity
• agent/author
• agent/event
• collector/mitre-cve
• source/MITRE
• agent/tags
• collector/ibm-support
• source/IBM
• agent/software-canonical-lookup
• agent/last-modified-date
• agent/description
• collector/nvd-api
• source/NVD
• vendor/ibm
• canonical/ibm mq operator
• version/ibm mq operator/sc2 (formerly lts): v3.2.0, v3.2.1cd:  v3.0.0, v3.0.1, v3.1.0 - 3.1.3 lts: v2.0.0 - 2.0.23 other release: v2.4.0 - v2.4.8, v2.3.0 - 2.3.3, v2.2.0 - v2.2.2
• canonical/ibm supplied mq advanced container images
• version/ibm supplied mq advanced container images/cd: 9.4.0.0-r1, 9.3.4.0-r1, 9.3.4.1-r1,9.3.5.0-r1,9.3.5.0-r2,9.3.5.1-r1, 9.3.5.1-r2lts: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.0.10-r1, 9.3.0.10-r2, 9.3.0.11-r1,9.3.0.11-r2, 9.3.0.15-r1, 9.3.0.16-r1, 9.3.0.16-r2, 9.3.0.17-r1, 9.3.0.17-r2, 9.3.0.17-r3 other release: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4,  9.3.0.3-r1,  9.3.0.4-r1, 9.3.0.4-r2,  9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3,  9.3.0.6-r1,  9.3.1.0-r1, 9.3.1.0-r2, 9.3.1.0-r3, 9.3.1.1-r1, 9.3.2.0-r1, 9.3.2.0-r2, 9.3.2.1-r1, 9.3.2.1-r2,  9.3.3.0-r1, 9.3.3.0-r2, 9.3.3.1-r1, 9.3.3.1-r2, 9.3.3.2-r1, 9.3.3.2-r2, 9.3.3.2-r3, ,9.3.3.3-r1,  9.3.3.3-r2
• version/ibm mq operator/2.0.0
• version/ibm mq operator/2.2.0
• version/ibm mq operator/2.2.2
• version/ibm mq operator/2.3.0
• version/ibm mq operator/2.3.3
• version/ibm mq operator/2.4.0
• version/ibm mq operator/2.4.8
• version/ibm mq operator/3.1.0
• version/ibm mq operator/3.1.3
• version/ibm mq operator/3.2.0
• version/ibm mq operator/3.0.0
• version/ibm mq operator/3.0.1