CVE-2024-40681

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.

Published: Sep 7, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-40681
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-266

Affected Software
References

Software	From	Fixed in
ibm / mq_operator	2.2.0	2.2.2.x
ibm / mq_operator	2.3.0	2.3.3.x
ibm / mq_operator	3.0.0	3.0.0.x
ibm / mq_operator	3.0.1	3.0.1.x
ibm / mq_operator	2.4.0	2.4.8.x
ibm / mq_operator	3.1.0	3.1.3.x
ibm / mq_operator	2.0.0	2.0.25.x
ibm / mq_operator	3.2.0	3.2.3.x
ibm / supplied_mq_advanced_container_images	9.3.4.0-r1	9.3.4.0-r1.x
ibm / supplied_mq_advanced_container_images	9.2.0.1-r1-eus	9.2.0.1-r1-eus.x
ibm / supplied_mq_advanced_container_images	9.2.0.2-r1-eus	9.2.0.2-r1-eus.x
ibm / supplied_mq_advanced_container_images	9.2.0.4-r1-eus	9.2.0.4-r1-eus.x
ibm / supplied_mq_advanced_container_images	9.2.0.5-r1-eus	9.2.0.5-r1-eus.x
ibm / supplied_mq_advanced_container_images	9.2.0.2-r2-eus	9.2.0.2-r2-eus.x
ibm / supplied_mq_advanced_container_images	9.2.0.5-r2-eus	9.2.0.5-r2-eus.x
ibm / supplied_mq_advanced_container_images	9.2.0.6-r2-eus	9.2.0.6-r2-eus.x
ibm / supplied_mq_advanced_container_images	9.2.0.5-r3-eus	9.2.0.5-r3-eus.x
ibm / supplied_mq_advanced_container_images	9.2.0.6-r3-eus	9.2.0.6-r3-eus.x
ibm / supplied_mq_advanced_container_images	9.4.0.0-r1	9.4.0.0-r1.x
ibm / supplied_mq_advanced_container_images	9.4.0.0-r2	9.4.0.0-r2.x
ibm / supplied_mq_advanced_container_images	9.4.0.0-r3	9.4.0.0-r3.x
ibm / supplied_mq_advanced_container_images	9.3.4.1-r1	9.3.4.1-r1.x
ibm / supplied_mq_advanced_container_images	9.3.5.0-r1	9.3.5.0-r1.x
ibm / supplied_mq_advanced_container_images	9.3.5.1-r1	9.3.5.1-r1.x
ibm / supplied_mq_advanced_container_images	9.3.5.0-r2	9.3.5.0-r2.x
ibm / supplied_mq_advanced_container_images	9.3.5.1-r2	9.3.5.1-r2.x
ibm / supplied_mq_advanced_container_images	9.2.0.6-r1-eus	9.2.0.6-r1-eus.x
ibm / supplied_mq_advanced_container_images	9.2.4.0-r1	9.2.4.0-r1.x
ibm / supplied_mq_advanced_container_images	9.2.5.0-r1	9.2.5.0-r1.x
ibm / supplied_mq_advanced_container_images	9.3.0.0-r1	9.3.0.0-r1.x
ibm / supplied_mq_advanced_container_images	9.3.0.1-r1	9.3.0.1-r1.x
ibm / supplied_mq_advanced_container_images	9.2.5.0-r2	9.2.5.0-r2.x
ibm / supplied_mq_advanced_container_images	9.2.5.0-r3	9.2.5.0-r3.x
ibm / supplied_mq_advanced_container_images	9.3.0.0-r2	9.3.0.0-r2.x
ibm / supplied_mq_advanced_container_images	9.3.0.0-r3	9.3.0.0-r3.x
ibm / supplied_mq_advanced_container_images	9.3.0.1-r2	9.3.0.1-r2.x
ibm / supplied_mq_advanced_container_images	9.3.0.1-r3	9.3.0.1-r3.x
ibm / supplied_mq_advanced_container_images	9.3.0.1-r4	9.3.0.1-r4.x
ibm / supplied_mq_advanced_container_images	9.3.0.3-r1	9.3.0.3-r1.x
ibm / supplied_mq_advanced_container_images	9.3.0.4-r1	9.3.0.4-r1.x
ibm / supplied_mq_advanced_container_images	9.3.0.5-r1	9.3.0.5-r1.x
ibm / supplied_mq_advanced_container_images	9.3.0.4-r2	9.3.0.4-r2.x
ibm / supplied_mq_advanced_container_images	9.3.0.5-r2	9.3.0.5-r2.x
ibm / supplied_mq_advanced_container_images	9.3.0.5-r3	9.3.0.5-r3.x
ibm / supplied_mq_advanced_container_images	9.3.0.6-r1	9.3.0.6-r1.x
ibm / supplied_mq_advanced_container_images	9.3.0.10-r1	9.3.0.10-r1.x
ibm / supplied_mq_advanced_container_images	9.3.0.11-r1	9.3.0.11-r1.x
ibm / supplied_mq_advanced_container_images	9.3.0.15-r1	9.3.0.15-r1.x
ibm / supplied_mq_advanced_container_images	9.3.0.16-r1	9.3.0.16-r1.x
ibm / supplied_mq_advanced_container_images	9.3.0.17-r1	9.3.0.17-r1.x
ibm / supplied_mq_advanced_container_images	9.3.0.20-r1	9.3.0.20-r1.x
ibm / supplied_mq_advanced_container_images	9.3.0.10-r2	9.3.0.10-r2.x
ibm / supplied_mq_advanced_container_images	9.3.0.11-r2	9.3.0.11-r2.x
ibm / supplied_mq_advanced_container_images	9.3.0.16-r2	9.3.0.16-r2.x
ibm / supplied_mq_advanced_container_images	9.3.0.17-r2	9.3.0.17-r2.x
ibm / supplied_mq_advanced_container_images	9.3.0.20-r2	9.3.0.20-r2.x
ibm / supplied_mq_advanced_container_images	9.3.0.17-r3	9.3.0.17-r3.x
ibm / supplied_mq_advanced_container_images	9.2.3.0-r1	9.2.3.0-r1.x
ibm / supplied_mq_advanced_container_images	9.3.1.0-r1	9.3.1.0-r1.x
ibm / supplied_mq_advanced_container_images	9.3.1.1-r1	9.3.1.1-r1.x
ibm / supplied_mq_advanced_container_images	9.3.2.0-r1	9.3.2.0-r1.x
ibm / supplied_mq_advanced_container_images	9.3.2.1-r1	9.3.2.1-r1.x
ibm / supplied_mq_advanced_container_images	9.3.3.0-r1	9.3.3.0-r1.x
ibm / supplied_mq_advanced_container_images	9.3.3.1-r1	9.3.3.1-r1.x
ibm / supplied_mq_advanced_container_images	9.3.3.2-r1	9.3.3.2-r1.x
ibm / supplied_mq_advanced_container_images	9.3.3.3-r1	9.3.3.3-r1.x
ibm / supplied_mq_advanced_container_images	9.3.0.10-r3	9.3.0.10-r3.x
ibm / supplied_mq_advanced_container_images	9.3.2.0-r2	9.3.2.0-r2.x
ibm / supplied_mq_advanced_container_images	9.3.2.1-r2	9.3.2.1-r2.x
ibm / supplied_mq_advanced_container_images	9.3.3.0-r2	9.3.3.0-r2.x
ibm / supplied_mq_advanced_container_images	9.3.3.1-r2	9.3.3.1-r2.x
ibm / supplied_mq_advanced_container_images	9.3.3.2-r2	9.3.3.2-r2.x
ibm / supplied_mq_advanced_container_images	9.3.3.3-r2	9.3.3.3-r2.x
ibm / supplied_mq_advanced_container_images	9.3.3.2-r3	9.3.3.2-r3.x

https://www.ibm.com/support/pages/node/7167732

Vulnerability Database

309,364

CVE-2024-40681

Deep Security Visibility Without the Complexity