Addressing the Latest MQ Console Vulnerability

By |Published On: June 7th, 2024|1 min read|

9/5/2024 – Critical MQ Console Vulnerability

A recent security bulletin from IBM has highlighted a critical MQ Console vulnerability identified as CVE-2024-40681. This vulnerability affects several IBM MQ versions, including 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, and 9.4 LTS and CD, allowing an authenticated user to bypass security restrictions and execute unauthorized actions against the queue manager.

To mitigate this MQ Console vulnerability, IBM recommends applying the appropriate security updates or fix packs as detailed under APAR IT46501. For a full list of affected versions and remediation steps, please visit the IBM Security Bulletin.

 

 

Click here to learn about a secure, cloud-ready, single-interface solution for administration, monitoring, synthetic transactions, user Auditing, and in-depth analytics of your IBM MQ environment.

6/28/2024 CVE CVE-2024-35155 MQ Console vulnerability

A vulnerability in 9.3 LTS and 9.3 CD permits a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM MQ has addressed the password disclosure vulnerability in the IBM MQ Console:

 

Remediation/Fixes

This issue was addressed under APAR IT46217

IBM MQ version 9.3 LTS

Apply Fix Pack 9.3.0.20  

IBM MQ version 9.3 CD

Upgrade to IBM MQ version 9.4

Workarounds and Mitigations

None

 

 

 

Click here to learn about a secure, cloud-ready, single-interface solution for administration, monitoring, synthetic transactions, user Auditing, and in-depth analytics of your IBM MQ environment.

More Infrared360® Resources

About the Author: Scott Treggiari

Go to Top