CNNVD-202507-3095 Information
CNNVD ID
CNNVD-202507-3095
Related CVE
- CNNVD Published: 2025-07-24
Description (Chinese)
IBM MQ等都是美国国际商业机器(IBM)公司的产品。IBM MQ是一款消息传递中间件产品。IBM MQ Operator是一种用于管理 IBM MQ 队列管理器生命周期的工具。IBM MQ Container CD是一个IBM MQ的容器化部署方案。 IBM多款产品存在信任管理问题漏洞,该漏洞源于证书验证不当,可能导致敏感信息泄露。以下产品及版本受到影响:IBM MQ Operator LTS 2.0.0至2.0.29版本、MQ Operator CD 3.0.0、3.0.1、3.1.0至3.1.3、3.3.0、3.4.0、3.4.1、3.5.0、3.5.1、3.6.0和MQ Operator SC2 3.2.0至3.2.13版本。
Description (English)
IBM MQ and others are products of IBM. IBM MQ is an intermediate product. IBM MQ Operator is a tool to manage the life cycle of the IBM MQ queue manager. IBM MQ Container CD is a containerization deployment programme for IBM MQ. There is a confidence management gap in IBM products, which arises from the improper certification of certificates and may lead to the disclosure of sensitive information. The following products and versions were affected: IBM MQ Operator LTS Versions 2.0.0 to 2.0.29, MQ Operator CD Versions 3.0.0, 3.01, 3.1.0 to 3.1.3, 3.3.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0 and MQ Operator SC2 2.0 to 3.2.13.
Hazard Level
High
Vulnerability Type
信任管理问题
Affected Vendor
国际商业机器
Published
2025-07-24
Last Modified
2026-02-24
References
https://www.ibm.com/support/pages/node/7240431 https://nvd.nist.gov/vuln/detail/CVE-2025-36005
Patch
https://www.ibm.com/support/pages/node/7240431
Share on: