CVE-2025-36005

Published: 24 Jul 2025
Source: nvd
CVSS3: 5.9
CVSS3: 6.5
EPSS: Low

Description

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:ibm:mq_operator:*:*:*:*:lts:*:*:*
Versions from 2.0.0 (inclusive) to 2.0.29 (inclusive)
cpe:2.3:a:ibm:mq_operator:*:*:*:*:sc2:*:*:*
Versions from 3.2.0 (inclusive) to 3.2.13 (inclusive)
cpe:2.3:a:ibm:mq_operator:*:*:*:*:cd:*:*:*
Versions from 3.5.1 (inclusive) to 3.6.0 (inclusive)
cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:cd:*:*:*
cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:cd:*:*:*
cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:cd:*:*:*
cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:cd:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r1:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r2:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.0:r3:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r1:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r2:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r3:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.1:r4:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.3:r1:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r1:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.4:r2:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r1:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r2:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.5:r3:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.6:r1:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.10:r1:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.10:r2:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.11:r1:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.11:r2:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.15:r1:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.16:r1:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.16:r2:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r1:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r2:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.17:r3:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.20:r1:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.20:r2:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r1:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r2:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.21:r3:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.3.0.25:r1:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r1:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r2:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.0:r3:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.5:r1:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.5:r2:*:*:lts:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.6:r1:*:*:sc2:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.6:r2:*:*:sc2:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.7:r1:*:*:sc2:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.10:r1:*:*:sc2:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.10:r2:*:*:sc2:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.11:r1:*:*:sc2:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.11:r2:*:*:sc2:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.0.11:r3:*:*:sc2:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.0:r1:*:*:cd:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.0:r2:*:*:cd:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.1.1:r1:*:*:cd:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.0:r1:*:*:cd:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.0:r2:*:*:cd:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.1:r1:*:*:cd:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.2.1:r2:*:*:cd:*:*:*
cpe:2.3:a:ibm:supplied_mq_advanced_container_images:9.4.3.0:r1:*:*:cd:*:*:*

EPSS

Percentile: 4%
0.00018
Low

5.9 Medium

CVSS3

6.5 Medium

CVSS3

Weaknesses

CWE-295

Related vulnerabilities

CVSS3: 5.9
github
7 months ago

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation.
