CNNVD-202509-1027 Information
CNNVD ID
CNNVD-202509-1027
Related CVE
- CNNVD Published: 2025-09-07
Description (Chinese)
IBM MQ是美国国际商业机器(IBM)公司的一款消息传递中间件产品。该产品主要为面向服务的体系结构(SOA)提供可靠的、经过验证的消息传递主干网。 IBM MQ存在安全漏洞,该漏洞源于启用跟踪时在客户端配置文件中存储密码。以下产品及版本受到影响:IBM MQ LTS 9.1.0.29及之前版本、9.2.0.36及之前版本、9.3.0.30及之前版本和9.4.0.12及之前版本以及IBM MQ CD 9.3.5.1及之前版本和9.4.3.0及之前版本。
Description (English)
IBM MQ is an intermediate message from the United States International Business Machine (IBM). The product provides a reliable and validated backbone for service-oriented system structures (SOAs). IBM MQ has a security loophole, which results from the storage of passwords in the client configuration file when the tracking is enabled. The following products and versions have been affected: IBM MQ LTS 9.1.0.29 and earlier, 9.2.0.36 and earlier, 9.3.0.30 and earlier, 9.4.0.12 and before, and IBM MQ CD 9.3.5.1 and earlier and 9.4.3.0 and earlier.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
国际商业机器
Published
2025-09-07
Last Modified
2026-02-24
References
https://www.ibm.com/support/pages/node/7243544 https://access.redhat.com/security/cve/cve-2025-36100 https://vigilance.fr/vulnerability/IBM-MQ-information-disclosure-via-Client-Configuration-Files-Password-48132
Patch
https://www.ibm.com/support/pages/node/7243544
Share on: