PT-2025-36405 · Ibm · Ibm Mq 9.3.0.0+11

Published

2025-09-04

·

Updated

2025-09-07

·

CVE-2025-36100

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions IBM MQ LTS versions 9.1.0.0 through 9.1.0.29 IBM MQ LTS versions 9.2.0.0 through 9.2.0.36 IBM MQ LTS versions 9.3.0.0 through 9.3.0.30 IBM MQ LTS versions 9.4.0.0 through 9.4.0.12 IBM MQ CD versions 9.3.0.0 through 9.3.5.1 IBM MQ CD versions 9.4.0.0 through 9.4.3.0
Description IBM MQ Java and JMS stores a password in client configuration files when trace is enabled, which can be read by a local user.
Recommendations IBM MQ LTS versions 9.1.0.0 through 9.1.0.29: Disable trace functionality in client configuration files. IBM MQ LTS versions 9.2.0.0 through 9.2.0.36: Disable trace functionality in client configuration files. IBM MQ LTS versions 9.3.0.0 through 9.3.0.30: Disable trace functionality in client configuration files. IBM MQ LTS versions 9.4.0.0 through 9.4.0.12: Disable trace functionality in client configuration files. IBM MQ CD versions 9.3.0.0 through 9.3.5.1: Disable trace functionality in client configuration files. IBM MQ CD versions 9.4.0.0 through 9.4.3.0: Disable trace functionality in client configuration files.

Fix

Weakness Enumeration

CWE-260

Related Identifiers

BDU:2025-13335
CVE-2025-36100

Affected Products

Ibm Mq 9.1.0.0
Ibm Mq 9.1.0.29
Ibm Mq 9.2.0.0
Ibm Mq 9.2.0.36
Ibm Mq 9.3.0.0
Ibm Mq 9.3.0.0 Cd
Ibm Mq 9.3.0.30
Ibm Mq 9.3.5.1 Cd
Ibm Mq 9.4.0.0
Ibm Mq 9.4.0.0 Cd
Ibm Mq 9.4.0.12
Ibm Mq 9.4.3.0 Cd