CVE-2025-1333 Information

Description

IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29 MQ Operator CD 3.0.0 3.0.1 3.1.0 through 3.1.3 3.3.0 3.4.0 3.4.1 3.5.0 3.5.1 and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Reference

https://www.ibm.com/support/pages/node/7232272

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.0