
CVE-2025-36100 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2025-36100
07 Sep 2025 — IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user. • https://www.ibm.com/support/pages/node/7243544 • CWE-260: Password in Configuration File •

CVE-2025-33013 – IBM MQ Operator information disclosure
https://notcve.org/view.php?id=CVE-2025-33013
24 Jul 2025 — IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release. • https://www.ibm.com/support/pages/node/7240431 • CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') •

CVE-2025-36005 – IBM MQ Operator information disclosure
https://notcve.org/view.php?id=CVE-2025-36005
24 Jul 2025 — IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation. • https://www.ibm.com/support/pages/node/7240431 • CWE-295: Improper Certificate Validation •

CVE-2025-3631 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2025-3631
11 Jul 2025 — An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. • https://www.ibm.com/support/pages/node/7237025 • CWE-416: Use After Free •

CVE-2025-36041 – IBM MQ improper certificate validation
https://notcve.org/view.php?id=CVE-2025-36041
15 Jun 2025 — IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions. A vulnerability exists in IBM MQ (Message Queue) that allows the bypassing of SSL certificate validation. By injecting a fake SSL certificate... • https://packetstorm.news/files/id/208584 • CWE-295: Improper Certificate Validation •

CVE-2025-1333 – IBM MQ Operator information disclosure
https://notcve.org/view.php?id=CVE-2025-1333
01 May 2025 — IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user. • https://www.ibm.com/support/pages/node/7232272 • CWE-214: Invocation of Process Using Visible Sensitive Information •

CVE-2025-27365 – IBM MQ Operator denial of service
https://notcve.org/view.php?id=CVE-2025-27365
01 May 2025 — IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. • https://www.ibm.com/support/pages/node/7232272 • CWE-416: Use After Free •

CVE-2025-0985 – IBM MQ information disclosure
https://notcve.org/view.php?id=CVE-2025-0985
28 Feb 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user. • https://www.ibm.com/support/pages/node/7184453 • CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable •

CVE-2024-54175 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2024-54175
28 Feb 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions. • https://www.ibm.com/support/pages/node/7184453 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2025-23225 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2025-23225
28 Feb 2025 — IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. • https://www.ibm.com/support/pages/node/7183372 • CWE-230: Improper Handling of Missing Values •