PT-2025-18719 · IBM · Cloud Pak For Integration Keycloak +4

Published: 2025-05-01 · Updated: 2025-05-02 · CVE-2025-1333

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM MQ Container versions 2.0.0 through 2.0.29
IBM MQ Operator LTS versions 2.0.0 through 2.0.29
IBM MQ Operator CD versions 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1
IBM MQ Operator SC2 versions 3.2.0 through 3.2.10

Description

The issue concerns the disclosure of sensitive information to a privileged user when the IBM MQ Container is used with the IBM MQ Operator and configured with Cloud Pak for Integration Keycloak.

Recommendations

For IBM MQ Container versions 2.0.0 through 2.0.29, update to a version that is not affected by this issue.
For IBM MQ Operator LTS versions 2.0.0 through 2.0.29, update to a version that is not affected by this issue.
For IBM MQ Operator CD versions 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, update to a version that is not affected by this issue.
For IBM MQ Operator SC2 versions 3.2.0 through 3.2.10, update to a version that is not affected by this issue.
As a temporary workaround, consider restricting access to the Keycloak authentication module until a patch is available.

Fix

Weakness Enumeration

Related Identifiers

BDU:2025-05386
CVE-2025-1333

Affected Products

Cloud Pak For Integration Keycloak
IBM MQ Container
IBM MQ Operator
IBM MQ Operator LTS
IBM MQ Operator SC2