5.5

CVE-2025-36100

IBM MQ information disclosure

IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0  Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmMq SwEditionlts Version >= 9.1.0.0 < 9.1.0.31
IbmMq SwEditionlts Version >= 9.2.0.0 < 9.2.0.37
IbmMq SwEditionlts Version >= 9.3.0.0 < 9.3.0.31
IbmMq SwEditioncontinuous_delivery Version >= 9.3.0.0 <= 9.3.5.1
IbmMq SwEditionlts Version >= 9.4.0.0 < 9.4.0.15
IbmMq SwEditioncontinuous_delivery Version >= 9.4.0.0 < 9.4.3.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.01% 0.014
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
psirt@us.ibm.com 5.1 1.4 3.6
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-260 Password in Configuration File

The product stores a password in a configuration file that might be accessible to actors who do not know the password.