Published
2025-09-07
·
Updated
2025-09-07
·
CVE-2025-36100
5.1
Medium
| Base vector | Vector | AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
IBM MQ LTS versions 9.1.0.0 through 9.1.0.29
IBM MQ LTS versions 9.2.0.0 through 9.2.0.36
IBM MQ LTS versions 9.3.0.0 through 9.3.0.30
IBM MQ LTS versions 9.4.0.0 through 9.4.0.12
IBM MQ CD versions 9.3.0.0 through 9.3.5.1
IBM MQ CD versions 9.4.0.0 through 9.4.3.0
Description:
IBM MQ Java and JMS stores a password in client configuration files when trace is enabled, which can be read by a local user.
Recommendations:
IBM MQ LTS versions 9.1.0.0 through 9.1.0.29: Disable trace functionality in client configuration files.
IBM MQ LTS versions 9.2.0.0 through 9.2.0.36: Disable trace functionality in client configuration files.
IBM MQ LTS versions 9.3.0.0 through 9.3.0.30: Disable trace functionality in client configuration files.
IBM MQ LTS versions 9.4.0.0 through 9.4.0.12: Disable trace functionality in client configuration files.
IBM MQ CD versions 9.3.0.0 through 9.3.5.1: Disable trace functionality in client configuration files.
IBM MQ CD versions 9.4.0.0 through 9.4.3.0: Disable trace functionality in client configuration files.
Fix