CVE-2025-36041

medium

Description

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.

References

https://www.ibm.com/support/pages/node/7236608

Details

Source: Mitre, NVD

Published: 2025-06-15

Updated: 2025-06-16

Risk Information

CVSS v2

Base Score: 4.4

Vector: CVSS2#AV:L/AC:H/Au:M/C:P/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 4.7

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N