{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-36100","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-04-15T21:16:16.297Z","datePublished":"2025-09-07T00:37:00.421Z","dateUpdated":"2025-10-09T16:22:51.045Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*","cpe:2.3:a:ibm:mq:9.1.0.29:*:*:*:lts:*:*:*","cpe:2.3:a:ibm:mq:9.2.0.0:*:*:*:lts:*:*:*","cpe:2.3:a:ibm:mq:9.2.0.36:*:*:*:lts:*:*:*","cpe:2.3:a:ibm:mq:9.3.0.0:*:*:*:lts:*:*:*","cpe:2.3:a:ibm:mq:9.3.0.30:*:*:*:lts:*:*:*","cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:lts:*:*:*","cpe:2.3:a:ibm:mq:9.4.0.12:*:*:*:lts:*:*:*"],"defaultStatus":"unaffected","product":"MQ","vendor":"IBM","versions":[{"lessThanOrEqual":"9.1.0.29","status":"affected","version":"9.1.0.0","versionType":"semver"},{"lessThanOrEqual":"9.2.0.36","status":"affected","version":"9.2.0.0","versionType":"semver"},{"lessThanOrEqual":"9.3.0.30","status":"affected","version":"9.3.0.0","versionType":"semver"},{"lessThanOrEqual":"9.4.0.12","status":"affected","version":"9.4.0.0","versionType":"semver"}],"x_edition":"LTS"},{"cpes":["cpe:2.3:a:ibm:mq:9.3.0.0:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq:9.3.5.1:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq:9.4.3.0:*:*:*:continuous_delivery:*:*:*"],"defaultStatus":"unaffected","product":"MQ","vendor":"IBM","versions":[{"lessThanOrEqual":"9.3.5.1","status":"affected","version":"9.3.0.0","versionType":"semver"},{"lessThanOrEqual":"9.4.3.0","status":"affected","version":"9.4.0.0","versionType":"semver"}],"x_edition":"CD"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0  Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user."}],"value":"IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0  Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":5.1,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-260","description":"CWE-260 Password in Configuration File","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-10-09T16:22:51.045Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7243544"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"
This issue was addressed under known issue DT444585

IBM MQ version 9.1 LTS
Apply cumulative security update 9.1.0.31

IBM MQ version 9.2 LTS

Apply cumulative security update 9.2.0.37 

IBM MQ version 9.3 LTS

Apply cumulative security update 9.3.0.31

IBM MQ version 9.4 LTS

Apply fix pack 9.4.0.15

IBM MQ version 9.3 CD and 9.4 CD

Upgrade to IBM MQ version 9.4.3.1

\n\n
"}],"value":"This issue was addressed under known issue DT444585\n\n\nIBM MQ version 9.1 LTS\n\n Apply cumulative security update 9.1.0.31 https://www.ibm.com/support/pages/downloading-ibm-mq-91-lts \n\n\nIBM MQ version 9.2 LTS\n\n Apply cumulative security update 9.2.0.37 https://www.ibm.com/support/pages/downloading-ibm-mq-92-lts   \n\nIBM MQ version 9.3 LTS\n\n Apply cumulative security update 9.3.0.31 https://www.ibm.com/support/pages/downloading-ibm-mq-93-lts \n\nIBM MQ version 9.4 LTS\n\n Apply fix pack 9.4.0.15 https://www.ibm.com/support/pages/downloading-ibm-mq-94-lts \n\nIBM MQ version 9.3 CD and 9.4 CD\n\n Upgrade to IBM MQ version 9.4.3.1 https://www.ibm.com/support/pages/downloading-ibm-mq-94-cd"}],"source":{"discovery":"UNKNOWN"},"title":"IBM MQ information disclosure","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-08T17:50:17.330773Z","id":"CVE-2025-36100","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-08T17:50:31.796Z"}}]}}