High Severity

Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl, pcre2 and Golang Go

Share this post:

Multiple issues were identified in Red Hat UBI(ubi8/ubi-minimal) v8.6-x packages: openssl, pcre2 and Golang Go, that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images.

CVE(s): CVE-2022-1962, CVE-2022-2068, CVE-2022-1586, CVE-2022-2097, CVE-2022-1292

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM MQ Operator EUS release 1.3.6 and LTS Release 2.0.1
IBM supplied MQ Advanced container images v9.2.0.6-r1 and v9.3.0.0-r2

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6616631
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/232543
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/226018
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/226863
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/230425
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/225619

More stories

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

November 30, 2022 | High Severity

IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. ...read more


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Ansible

November 30, 2022 | High Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Ansible. ...read more


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in AWS SDK for Java

November 30, 2022 | High Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of AWS SDK for Java. ...read more