IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation.
Advisories
Source: EUVD
ID: EUVD-2025-22522
Title: IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation.
Fixes

Solution

Issues mentioned by this security bulletin are addressed in:

- IBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image.
- IBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.
- IBM MQ Container 9.4.3.0-r2 release.

IBM strongly recommends applying the latest container images.

IBM MQ Operator v3.6.1 CD release details:

ibm-mq-operator v3.6.1 icr.io icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03
ibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d
ibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed
ibm-mqadvanced-server-dev 9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5

IBM MQ Operator v3.2.14 SC2 release details:

ibm-mq-operator v3.2.14 icr.io icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf
ibm-mqadvanced-server 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d
ibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014
ibm-mqadvanced-server-dev 9.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15

IBM MQ Container 9.4.3.0-r2 release details:

ibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d
ibm-mqadvanced-server-dev 9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5


Workaround

No workaround given by the vendor.

History

Fri, 22 Aug 2025 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Ibm supplied Mq Advanced Container Images
Vendors & Products Ibm supplied Mq Advanced Container Images

Thu, 24 Jul 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 24 Jul 2025 15:00:00 +0000

Type Values Removed Values Added
Description IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation.
Title IBM MQ Operator information disclosure
First Time appeared Ibm
Ibm mq Operator
Weaknesses CWE-295
Vendors & Products Ibm
Ibm mq Operator
References
Metrics cvssV3_1 {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-08-17T01:24:38.369Z

Reserved: 2025-04-15T21:16:05.532Z

Link: CVE-2025-36005

Vulnrichment

Updated: 2025-07-24T15:03:59.841Z

NVD

Status: Analyzed

Published: 2025-07-24T15:15:26.083

Modified: 2025-08-22T18:08:49.657

Link: CVE-2025-36005

Redhat

No data.

OpenCVE Enrichment

No data.