CNNVD-202506-3804 Information

CNNVD ID

CNNVD-202506-3804

Related CVE

CVE-2025-33181

• CNNVD Published: 2025-06-27

Description (Chinese)

IBM MQ是美国国际商业机器（IBM）公司的一款消息传递中间件产品。该产品主要为面向服务的体系结构（SOA）提供可靠的、经过验证的消息传递主干网。 IBM MQ存在命令注入漏洞，该漏洞源于可通过IPT绕过限制，可能导致获取用户权限。

Description (English)

IBM MQ is an intermediate message from the United States International Business Machine (IBM). The product provides a reliable and validated backbone for service-oriented system structures (SOAs). IBM MQ has a command-in-command loophole, which stems from the possibility of circumventing restrictions through IPT, which may lead to access to user privileges.

Vulnerability Type

命令注入

Affected Vendor

国际商业机器

Published

2025-06-27

Last Modified

2026-02-24

References

https://nvd.nist.gov/vuln/detail/CVE-2025-33181 https://nvidia.custhelp.com/app/answers/detail/a_id/5722 https://www.cve.org/CVERecord?id=CVE-2025-33181 https://vigilance.fr/vulnerability/IBM-MQ-user-access-via-IPT-47559

Patch

https://www.ibm.com/support/pages/security-bulletin-sni-incorrect-when-more-one-channel-connects-through-ibm-mq-ipt-client-route