{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-36100", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:16.297Z", "datePublished": "2025-09-07T00:37:00.421Z", "dateUpdated": "2025-09-08T17:50:31.796Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.1.0.29:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.2.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.2.0.36:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0.30:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.3.5.1:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.3.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0.12:*:*:*:lts:*:*:*"], "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [{"lessThanOrEqual": "9.1.0.29 LTS", "status": "affected", "version": "9.1.0.0 LTS", "versionType": "semver"}, {"lessThanOrEqual": "9.2.0.36 LTS", "status": "affected", "version": "9.2.0.0 LTS", "versionType": "semver"}, {"lessThanOrEqual": "9.3.0.30 LTS", "status": "affected", "version": "9.3.0.0 LTS", "versionType": "semver"}, {"lessThanOrEqual": "9.4.0.12 LTS", "status": "affected", "version": "9.4.0.0 LTS", "versionType": "semver"}, {"lessThanOrEqual": "9.3.5.1 CD", "status": "affected", "version": "9.3.0.0 CD", "versionType": "semver"}, {"lessThanOrEqual": "9.4.3.0 CD", "status": "affected", "version": "9.4.0.0 CD", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0&nbsp; Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user."}], "value": "IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0\u00a0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-260", "description": "CWE-260 Password in Configuration File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-09-07T00:37:00.421Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7243544"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>This issue was addressed under known issue DT444585</div><br><div>IBM MQ version 9.1 LTS</div><div><div><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/downloading-ibm-mq-91-lts\">Apply cumulative security update 9.1.0.31</a></div><br><p>IBM MQ version 9.2 LTS</p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/downloading-ibm-mq-92-lts\">Apply cumulative security update 9.2.0.37</a>&nbsp; </p><p>IBM MQ version 9.3 LTS</p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/downloading-ibm-mq-93-lts\">Apply cumulative security update 9.3.0.31</a></p><p>IBM MQ version 9.4 LTS</p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/downloading-ibm-mq-94-lts\">Apply fix pack 9.4.0.15</a></p><p>IBM MQ version 9.3 CD and 9.4 CD</p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/downloading-ibm-mq-94-cd\">Upgrade to IBM MQ version 9.4.3.1</a></p></div>\n\n<br>"}], "value": "This issue was addressed under known issue DT444585\n\n\nIBM MQ version 9.1 LTS\n\n Apply cumulative security update 9.1.0.31 https://www.ibm.com/support/pages/downloading-ibm-mq-91-lts \n\n\nIBM MQ version 9.2 LTS\n\n Apply cumulative security update 9.2.0.37 https://www.ibm.com/support/pages/downloading-ibm-mq-92-lts \u00a0 \n\nIBM MQ version 9.3 LTS\n\n Apply cumulative security update 9.3.0.31 https://www.ibm.com/support/pages/downloading-ibm-mq-93-lts \n\nIBM MQ version 9.4 LTS\n\n Apply fix pack 9.4.0.15 https://www.ibm.com/support/pages/downloading-ibm-mq-94-lts \n\nIBM MQ version 9.3 CD and 9.4 CD\n\n Upgrade to IBM MQ version 9.4.3.1 https://www.ibm.com/support/pages/downloading-ibm-mq-94-cd"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM MQ information disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-08T17:50:17.330773Z", "id": "CVE-2025-36100", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-08T17:50:31.796Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36100", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-08T17:50:17.330773Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-08T17:50:22.346Z"}}], "cna": {"title": "IBM MQ information disclosure", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.1.0.29:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.2.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.2.0.36:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0.30:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.3.0.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.3.5.1:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.3.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0.12:*:*:*:lts:*:*:*"], "vendor": "IBM", "product": "MQ", "versions": [{"status": "affected", "version": "9.1.0.0 LTS", "versionType": "semver", "lessThanOrEqual": "9.1.0.29 LTS"}, {"status": "affected", "version": "9.2.0.0 LTS", "versionType": "semver", "lessThanOrEqual": "9.2.0.36 LTS"}, {"status": "affected", "version": "9.3.0.0 LTS", "versionType": "semver", "lessThanOrEqual": "9.3.0.30 LTS"}, {"status": "affected", "version": "9.4.0.0 LTS", "versionType": "semver", "lessThanOrEqual": "9.4.0.12 LTS"}, {"status": "affected", "version": "9.3.0.0 CD", "versionType": "semver", "lessThanOrEqual": "9.3.5.1 CD"}, {"status": "affected", "version": "9.4.0.0 CD", "versionType": "semver", "lessThanOrEqual": "9.4.3.0 CD"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "This issue was addressed under known issue DT444585\n\n\nIBM MQ version 9.1 LTS\n\n Apply cumulative security update 9.1.0.31 https://www.ibm.com/support/pages/downloading-ibm-mq-91-lts \n\n\nIBM MQ version 9.2 LTS\n\n Apply cumulative security update 9.2.0.37 https://www.ibm.com/support/pages/downloading-ibm-mq-92-lts \u00a0 \n\nIBM MQ version 9.3 LTS\n\n Apply cumulative security update 9.3.0.31 https://www.ibm.com/support/pages/downloading-ibm-mq-93-lts \n\nIBM MQ version 9.4 LTS\n\n Apply fix pack 9.4.0.15 https://www.ibm.com/support/pages/downloading-ibm-mq-94-lts \n\nIBM MQ version 9.3 CD and 9.4 CD\n\n Upgrade to IBM MQ version 9.4.3.1 https://www.ibm.com/support/pages/downloading-ibm-mq-94-cd", "supportingMedia": [{"type": "text/html", "value": "<div>This issue was addressed under known issue DT444585</div><br><div>IBM MQ version 9.1 LTS</div><div><div><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/downloading-ibm-mq-91-lts\">Apply cumulative security update 9.1.0.31</a></div><br><p>IBM MQ version 9.2 LTS</p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/downloading-ibm-mq-92-lts\">Apply cumulative security update 9.2.0.37</a>&nbsp; </p><p>IBM MQ version 9.3 LTS</p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/downloading-ibm-mq-93-lts\">Apply cumulative security update 9.3.0.31</a></p><p>IBM MQ version 9.4 LTS</p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/downloading-ibm-mq-94-lts\">Apply fix pack 9.4.0.15</a></p><p>IBM MQ version 9.3 CD and 9.4 CD</p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/downloading-ibm-mq-94-cd\">Upgrade to IBM MQ version 9.4.3.1</a></p></div>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7243544", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0\u00a0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user.", "supportingMedia": [{"type": "text/html", "value": "IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0&nbsp; Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-260", "description": "CWE-260 Password in Configuration File"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-09-07T00:37:00.421Z"}}}, "cveMetadata": {"cveId": "CVE-2025-36100", "state": "PUBLISHED", "dateUpdated": "2025-09-08T17:50:31.796Z", "dateReserved": "2025-04-15T21:16:16.297Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-09-07T00:37:00.421Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0\u00a0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user."}], "id": "CVE-2025-36100", "lastModified": "2025-09-08T16:25:38.810", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-09-07T01:15:32.370", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7243544"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-260"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}