IBM MQ information disclosure_CVE-2025-36100

5.1 / 10

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user.

Basic Information

ID CVE-2025-36100

Source ibm

Published Sep 7, 2025 at 00:37

Affected Product

Vendor IBM

Product MQ

Version 9.1.0.0 LTS

Affected Versions IBM MQ 9.1.0.0 LTS
IBM MQ 9.2.0.0 LTS
IBM MQ 9.3.0.0 LTS
IBM MQ 9.4.0.0 LTS
IBM MQ 9.3.0.0 CD
IBM MQ 9.4.0.0 CD

CWE Classification

CWE-260

References

www.ibm.com /support/pages/node/7243544

{
    "lastseen": "",
    "description": "IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0\u00a0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user.",
    "published": "2025-09-07T00:37:00.421Z",
    "modified": "2025-09-07T00:37:00.421Z",
    "type": "cve",
    "title": "IBM MQ information disclosure",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7243544",
    "id": "CVE-2025-36100",
    "bulletinFamily": "",
    "cwe": [
        "CWE-260"
    ],
    "cvelist": null,
    "sourceData": "IBM MQ 9.1.0.0 LTS\nIBM MQ 9.2.0.0 LTS\nIBM MQ 9.3.0.0 LTS\nIBM MQ 9.4.0.0 LTS\nIBM MQ 9.3.0.0 CD\nIBM MQ 9.4.0.0 CD",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MQ",
    "version": "9.1.0.0 LTS",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}