CVE-2026-2607
Awaiting Analysis
Awaiting Analysis - Queue
BaseFortify
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: IBM Corporation
Description
Description
IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: Β v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied MQ Advanced container images SC2: 9.4.0.6 through r1, 9.4.0.6-r2, 9.4.0.7-r1, 9.4.0.10-r1, 9.4.0.10-r2, 9.4.0.11-r1, 9.4.0.11-r2, 9.4.0.11-r3, 9.4.0.12-r1, 9.4.0.15-r1 - 9.4.0.15-r4, 9.4.0.16-r1, 9.4.0.16-r2, 9.4.0.17-r1, 9.4.0.17-r2, 9.4.0.20-r1CD: 9.4.1.0-r1, 9.4.1.0-r2, 9.4.1.1-r1, 9.4.2.0-r1, 9.4.2.0-r2, 9.4.2.1-r1, 9.4.2.1-r2, 9.4.3.0-r1, 9.4.3.0-r2, 9.4.3.1-r1 - 9.4.3.1-r3, 9.4.4.0-r1 - 9.4.4.0-r4, 9.4.4.1-r1, 9.4.5.0-r1, 9.4.5.0-r2LTS: 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.0.10-r1, 9.3.0.10-r2, 9.3.0.11-r1,9.3.0.11-r2, 9.3.0.15-r1, 9.3.0.16-r1, 9.3.0.16-r2, 9.3.0.17-r1, 9.3.0.17-r2, 9.3.0.17-r3, 9.3.0.20-r1, 9.3.0.20-r2, 9.3.0.21-r1, 9.3.0.21-r2, 9.3.0.21-r3, 9.3.0.25-r1, 9.4.0.0-r1, 9.4.0.0-r2, 9.4.0.0-r3, 9.4.0.5-r1, 9.4.0.5-r2 IBM MQΒ stores potentially sensitive information in log files that could be read by a local user.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | mq_operator | From 3.2.0 (inc) to 3.2.23 (inc) |
| ibm | mq_advanced_container_images | From 9.4.0.6 (inc) to 9.4.0.20 (inc) |
| ibm | mq_advanced_container_images | From 9.4.1.0 (inc) to 9.4.5.0 (inc) |
| ibm | mq_advanced_container_images | From 9.3.0.0 (inc) to 9.4.0.5 (inc) |
| ibm | mq_operator | 3.2 |
| ibm | mq_operator | 3.3.0 |
| ibm | mq_operator | 3.4.0 |
| ibm | mq_operator | 3.4.1 |
| ibm | mq_operator | 3.5.0 |
| ibm | mq_operator | From 3.5.1 (inc) to 3.5.4 (exc) |
| ibm | mq_operator | From 3.6.0 (inc) to 3.6.4 (inc) |
| ibm | mq_operator | From 3.7.0 (inc) to 3.7.2 (inc) |
| ibm | mq_operator | 3.8.0 |
| ibm | mq_operator | 3.8.1 |
| ibm | mq_operator | 3.9.0 |
| ibm | mq_operator | 3.9.1 |
| ibm | mq_advanced | 9.4.0.6 |
| ibm | mq_advanced | 9.4.0.7 |
| ibm | mq_advanced | 9.4.0.10 |
| ibm | mq_advanced | 9.4.0.11 |
| ibm | mq_advanced | 9.4.0.12 |
| ibm | mq_advanced | 9.4.0.15 |
| ibm | mq_advanced | 9.4.1.0 |
| ibm | mq_advanced | 9.4.1.1 |
| ibm | mq_advanced | 9.4.2.0 |
| ibm | mq_advanced | 9.4.2.1 |
| ibm | mq_advanced | 9.4.3.0 |
| ibm | mq_advanced | From 9.4.3.1 (inc) to 9.4.3.2 (exc) |
| ibm | mq_advanced | From 9.4.4.0 (inc) to 9.4.4.1 (exc) |
| ibm | mq_advanced | 9.4.4.1 |
| ibm | mq_advanced | From 9.4.5.0 (inc) to 9.4.5.1 (exc) |
| ibm | mq_advanced | From 9.3.0.0 (inc) to 9.3.0.3 (inc) |
| ibm | mq_advanced | 9.3.0.1 |
| ibm | mq_advanced | 9.3.0.5 |
| ibm | mq_advanced | 9.4.0.0 |
| ibm | mq_advanced | 9.4.0.5 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70