CVE-2024-27255 - OpenCVE

IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/283905
https://www.ibm.com/support/pages/node/7126571

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2024-03-03T11:54:10.301Z

Updated: 2024-03-03T11:54:10.301Z

Reserved: 2024-02-22T01:26:15.968Z

Link: CVE-2024-27255

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-03-03T12:15:36.867

Modified: 2024-03-04T13:58:23.447

Link: CVE-2024-27255

JSON object: View

Redhat Information

No data.

CWE

CWE-327

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-27255", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-02-22T01:26:15.968Z", "datePublished": "2024-03-03T11:54:10.301Z", "dateUpdated": "2024-03-03T11:54:10.301Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MQ Operator", "vendor": "IBM", "versions": [{"lessThanOrEqual": "2.0.18 LTS", "status": "affected", "version": "2.0.0 LTS", "versionType": "semver"}, {"lessThanOrEqual": "2.4.7", "status": "affected", "version": "2.4.0", "versionType": "semver"}, {"lessThanOrEqual": "2.3.3", "status": "affected", "version": "2.3.0", "versionType": "semver"}, {"lessThanOrEqual": "2.2.2", "status": "affected", "version": "2.2.0", "versionType": "semver"}, {"lessThanOrEqual": "3.0.1 CD", "status": "affected", "version": "3.0.0 CD", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905."}], "value": "IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-03-03T11:54:10.301Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7126571"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283905"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM MQ Container information disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}