CVE-2025-36100

CWE-2603 documents3 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 98.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM MQ
Timeline
PublishedSep 7

Description

IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 1.4 | Impact: 3.6

Affected Packages2 packages

NVDibm/mq9.1.0.09.1.0.31+5
CVEListV5ibm/mq9.1.0.09.1.0.29+5

Patches

Patch: www.ibm.com

🔴Vulnerability Details

2
CVEList
IBM MQ information disclosure2025-09-07
GHSA
GHSA-v736-7qxc-59qf: IBM MQ LTS 92025-09-07
CVE-2025-36100 (MEDIUM CVSS 5.5) | IBM MQ LTS 9.1.0.0 through 9.1.0.29 | cvebase.io