Home

Description

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release.

PUBLISHED Reserved 2025-04-15 | Published 2025-07-24 | Updated 2025-08-18 | Assigner ibm




MEDIUM: 6.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')

Product status

Default status
unaffected

2.0.0 LTS (semver)
affected

Default status
unaffected

3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD
affected

Default status
unaffected

3.2.0 SC2 (semver)
affected

References

www.ibm.com/support/pages/node/7240431 vendor-advisory patch

cve.org (CVE-2025-33013)

nvd.nist.gov (CVE-2025-33013)

Download JSON