CVE-2025-36005

Name of the Vulnerable Software and Affected Versions IBM MQ Operator versions 2.0.0 through 2.0.29 IBM MQ Operator CD versions 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0 IBM MQ Operator SC2 versions 3.2.0 through 3.2.13

Description Improper certificate validation in Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by proxying to the same hostname and port.

Recommendations IBM MQ Operator versions 2.0.0 through 2.0.29: At the moment, there is no information about a newer version that contains a fix for this vulnerability. IBM MQ Operator CD versions 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. IBM MQ Operator SC2 versions 3.2.0 through 3.2.13: At the moment, there is no information about a newer version that contains a fix for this vulnerability.