CVE Vulnerabilities

CVE-2025-0985

Cleartext Storage of Sensitive Information in an Environment Variable

Published: Feb 28, 2025 | Modified: Jun 20, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD

stores potentially sensitive information in environment variables that could be obtained by a local user.

Weakness

The product uses an environment variable to store unencrypted sensitive information.

Affected Software

Name Vendor Start Version End Version
Mq Ibm 9.3.0 (including) 9.3.0 (including)
Mq Ibm 9.4.0 (including) 9.4.0 (including)

Potential Mitigations

References