IBM MQ Operator


By the Year

In 2026 there has been 1 vulnerability in IBM Mq Operator with an average score of 4.0 out of ten. Last year, in 2025, Mq Operator had 5 security vulnerabilities published. Right now, Mq Operator is on track to have fewer security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 2.16.

Year Vulnerabilities Average Score
2026 1 4.00
2025 5 6.16
2024 6 7.43

It may take a day or so for new Mq Operator vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent IBM Mq Operator Security Vulnerabilities

IBM MQ Operator (v3.2.0–3.8.1) Log Injection via Unescaped Log Messages
CVE-2025-12755 4 - Medium - February 17, 2026

IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM-supplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.x–9.4.x releases) contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized user to inject malicious data into MQ log entries, potentially leading to misleading logs, log manipulation, or downstream log-processing issues.

Improper Output Neutralization for Logs

IBM MQ Operator TLS cert validation flaw (ID) LTS 2.0.x, CD 3.0-3.1.3, SC2 3.2.x
CVE-2025-36005 5.9 - Medium - July 24, 2025

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation.

Improper Certificate Validation

Local Info Disclosure in IBM MQ Operator LTS 2.0.x–2.0.29, 3.x
CVE-2025-33013 6.2 - Medium - July 24, 2025

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release.

Heap Inspection

IBM MQ Operator (LTS 2.x, SC2 3.2.x, CD 3.x): Key Leak in HA CRR
CVE-2025-36041 4.7 - Medium - June 15, 2025

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.

Improper Certificate Validation

IBM MQ Operator SIGSEGV via AMQ RMPPA Channel (2.0.0-2.0.29, 3.0.0-3.5.1)
CVE-2025-27365 6.5 - Medium - May 01, 2025

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10: a client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process, terminating it.

Dangling pointer

IBM MQ Container <3.1.3 Weak Crypto Decryption Vulnerability
CVE-2024-27256 7.5 - High - January 27, 2025

IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Use of a Broken or Risky Cryptographic Algorithm

IBM MQ 9.1-9.4 LTS/CD Auth Role Bypass to Execute Queue Manager Actions
CVE-2024-40681 8.8 - High - September 07, 2024

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.

Incorrect Privilege Assignment

IBM MQ 9.3/9.4 LTS/CD Local DoS via Improper Memory Allocation
CVE-2024-40680 5.5 - Medium - September 07, 2024

IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.

Allocation of Resources Without Limits or Throttling

IBM MQ Operator 3.2.2 & 2.0.24 DoS via Incorrect Memory Deallocation
CVE-2024-39743 7.5 - High - July 08, 2024

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172.

Amplification

IBM MQ Operator 3.2.2 / 2.0.24: Auth Bypass via Partial String Compare
CVE-2024-39742 9.8 - Critical - July 08, 2024

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169.

Incorrect Comparison

IBM MQ Operator Weak Crypto in v2.0.0–v3.0.1
CVE-2024-27255 7.5 - High - March 03, 2024

IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905.

Use of a Broken or Risky Cryptographic Algorithm

IBM MQ Operator 2.0.0–3.0.1 LTS Stores Credentials in Cleartext (CVE-2023-47745)
CVE-2023-47745 5.5 - Medium - March 03, 2024

IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638.

Cleartext Transmission of Sensitive Information
