Partial String Comparison

CVE-2024-39742

High

8.1/10

Summary

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-187 - Partial String Comparison

The software performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.

References

Advisory Timeline

Published Jul 08, 2024

Partial String Comparison

CVE-2024-39742

Summary

CWE-187 - Partial String Comparison

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS