CVE-2024-27255

{"id": "CVE-2024-27255", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-03-03T12:15:36.867", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283905", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.ibm.com/support/pages/node/7126571", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283905", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/7126571", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905."}, {"lang": "es", "value": "IBM MQ Operador 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 a 2.4.7, 2.3.0 a 2.3.3, 2.2.0 a 2.2.2 y 2.3. 0 a 2.3.3 utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial. ID de IBM X-Force: 283905."}], "lastModified": "2024-12-23T17:32:58.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "976E62F2-8B84-48A7-B4EF-0F0E3100BCF1", "versionEndIncluding": "2.2.2", "versionStartIncluding": "2.2.0"}, {"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "A899D4D9-04D0-404E-95BA-BFA1874B1188", "versionEndIncluding": "2.3.3", "versionStartIncluding": "2.3.0"}, {"criteria": "cpe:2.3:a:ibm:mq_operator:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "D80EFAA6-2FF7-4DAF-96CC-D494A97C8CF6", "versionEndIncluding": "2.4.7", "versionStartIncluding": "2.4.0"}, {"criteria": "cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "570A5C73-FDC8-4AC5-B85D-DBC39B618BDF"}, {"criteria": "cpe:2.3:a:ibm:mq_operator:2.0.18:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "1159A4CB-F5A6-48E7-8FBC-C7F568999A5D"}, {"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:cd:*:*:*", "vulnerable": true, "matchCriteriaId": "FE86FF96-2C86-47A5-94BE-F17B271CA6BB"}, {"criteria": "cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:cd:*:*:*", "vulnerable": true, "matchCriteriaId": "5DC6415E-F0D0-4C47-B048-733DA4B18D43"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}