IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and Queue Manager container images.
These vulnerabilities, including denial of service and privilege escalation, could allow attackers to bypass security restrictions and disrupt operations.
The bulletin highlights several vulnerabilities affecting the IBM MQ Operator and Queue Manager container images.
The key issues are related to Kerberos 5 and IBM MQ, which are susceptible to improper memory allocation and access control flaws.
The vulnerabilities affect a range of IBM MQ Operator and MQ Advanced container images, including IBM MQ Operator versions from 2.0.0 to 3.2.3 and IBM MQ Advanced Container Images covering various versions from 9.2.0.1 to 9.4.0.0.
IBM has released patches to address these vulnerabilities:
IBM strongly recommends that users apply the latest container images to mitigate these vulnerabilities.
Currently, there are no workarounds or mitigations available for these vulnerabilities. Users are urged to update their systems promptly.
IBM encourages users to subscribe to “My Notifications” for updates on important product support alerts. For more information, users can refer to IBM’s Secure Engineering Web Portal and the IBM Product Security Incident Response Blog.
For detailed CVSS scores and further information, visit the IBM X-Force Exchange links in the bulletin.
This security bulletin underscores the importance of timely updates and vigilance in maintaining secure IT environments.