Sensitive Information Exposure in IBM MQ by IBM
CVE-2025-0985

5.5MEDIUM

Key Information:

Vendor
IBM
Status
Vendor
CVE Published:
28 February 2025

Summary

IBM MQ versions 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD are affected by a vulnerability that allows local users to access potentially sensitive information stored in environment variables. This exposure could lead to unauthorized data access, raising significant security concerns for systems utilizing these versions of IBM MQ.

Affected Version(s)

MQ 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.