Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveIbmCVE-2024-39743
HistoryJul 08, 2024 - 2:15 p.m.

CVE-2024-39743

2024-07-0814:15:02
CWE-405
ibm
web.nvd.nist.gov
37
ibm mq
operator
denial of service
vulnerability
x-force

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.9

Confidence

High

EPSS

0

Percentile

13.6%

JSON

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172.

Affected configurations

Nvd
Vulners
Node
ibmmq_operatorRange2.0.02.0.24
OR
ibmmq_operatorRange2.2.02.2.2
OR
ibmmq_operatorRange2.3.02.3.3
OR
ibmmq_operatorRange2.4.02.4.8
OR
ibmmq_operatorRange3.1.03.1.3
OR
ibmmq_operatorRange3.2.03.2.2
OR
ibmmq_operatorMatch3.0.0
OR
ibmmq_operatorMatch3.0.1
VendorProductVersionCPE
ibmmq_operator*cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*:*
ibmmq_operator3.0.0cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:*:*:*:*
ibmmq_operator3.0.1cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MQ Operator",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "2.0.24, 3.2.2"
      }
    ]
  }
]

Related

vulnrichment 1
cvelist 1
nvd 1
ibm 1
vulnrichment
vulnrichment
CVE-2024-39743 IBM MQ Container denial of service
2024-07-08 13:14:43
cvelist
cvelist
CVE-2024-39743 IBM MQ Container denial of service
2024-07-08 13:14:43
nvd
nvd
CVE-2024-39743
2024-07-08 14:15:02
ibm
ibm
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to packages included in IBM WebSphere Application Server, Bouncy Castle Crypto Package For Java, k8.io, IBM Java and also memory leak, password handling cases
2024-07-18 08:29:27

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.9

Confidence

High

EPSS

0

Percentile

13.6%

JSON
Related for CVE-2024-39743
vulnrichment1cvelist1nvd1ibm1