This page lists publicly disclosed CVE vulnerabilities affecting ibm mq_operator (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-36005 | IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation. | [email protected] | 5.9 | 0.07% | 2025-07-24 | 2025-08-22 |
| CVE-2025-33013 | IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release. | [email protected] | 6.2 | 0.06% | 2025-07-24 | 2025-08-22 |
| CVE-2025-36041 | IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions. | [email protected] | 4.7 | 0.01% | 2025-06-15 | 2025-08-22 |
| CVE-2025-27365 | IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. | [email protected] | 6.5 | 0.21% | 2025-05-01 | 2025-08-25 |
| CVE-2025-1333 | IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user. | [email protected] | 6.0 | 0.16% | 2025-05-01 | 2025-08-25 |
| CVE-2024-27256 | IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | [email protected] | 5.9 | 0.05% | 2025-01-27 | 2025-08-18 |
| CVE-2024-40681 | IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager. | [email protected] | 7.5 | 0.02% | 2024-09-07 | 2025-08-15 |
| CVE-2024-40680 | IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. | [email protected] | 5.5 | 0.04% | 2024-09-07 | 2024-10-31 |
| CVE-2024-39743 | IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172. | [email protected] | 5.9 | 0.22% | 2024-07-08 | 2024-11-21 |
| CVE-2024-39742 | IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169. | [email protected] | 8.1 | 0.05% | 2024-07-08 | 2024-11-21 |
| CVE-2024-27255 | IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905. | [email protected] | 5.9 | 0.03% | 2024-03-03 | 2024-12-23 |
| CVE-2023-47745 | IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638. | [email protected] | 6.2 | 0.04% | 2024-03-03 | 2024-12-23 |