CVE-2025-1333

May 1, 2025, 10:15 p.m.

6.0
Medium

Description

IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.

Product(s) Impacted

Vendor Product Versions
Ibm
  • Ibm Mq Operator Lts
  • Ibm Mq Operator Cd
  • Ibm Mq Operator Sc2
  • 2.0.0-2.0.29
  • 3.0.0, 3.0.1, 3.1.0-3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1
  • 3.2.0-3.2.10

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-214
Invocation of Process Using Visible Sensitive Information
A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a ibm ibm_mq_operator_lts 2.0.0-2.0.29 / / / / / / /
a ibm ibm_mq_operator_cd 3.0.0 / / / / / / /
a ibm ibm_mq_operator_cd 3.0.1 / / / / / / /
a ibm ibm_mq_operator_cd 3.1.0-3.1.3 / / / / / / /
a ibm ibm_mq_operator_cd 3.3.0 / / / / / / /
a ibm ibm_mq_operator_cd 3.4.0 / / / / / / /
a ibm ibm_mq_operator_cd 3.4.1 / / / / / / /
a ibm ibm_mq_operator_cd 3.5.0 / / / / / / /
a ibm ibm_mq_operator_cd 3.5.1 / / / / / / /
a ibm ibm_mq_operator_sc2 3.2.0-3.2.10 / / / / / / /

References

https://www.ibm.com/support/pages/node/7232272

Tags

psirt@us.ibm.com
CWE-214
2025-05-01
CVE-2025-1333

CVSS Score

6.0 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

    • CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

    View Vector String

Timeline

Published: May 1, 2025, 10:15 p.m.
Last Modified: May 1, 2025, 10:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@us.ibm.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.