Sensitive Information Exposure in IBM MQ by IBM
CVE-2025-0985
5.5MEDIUM
Summary
IBM MQ versions 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD are affected by a vulnerability that allows local users to access potentially sensitive information stored in environment variables. This exposure could lead to unauthorized data access, raising significant security concerns for systems utilizing these versions of IBM MQ.
Affected Version(s)
MQ 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved