CVE-2025-36222
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-11
Last updated on: 2025-10-02
Assigner: IBM Corporation
Description
Description
IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | storage_fusion | From 2.2.0 (inc) to 2.11.0 (exc) |
| ibm | storage_fusion_hci | From 2.2.0 (inc) to 2.11.0 (exc) |
| ibm | storage_fusion_hci_for_watsonx | From 2.8.2 (inc) to 2.11.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1188 | The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves IBM Fusion versions 2.2.0 through 2.10.1 and related products using insecure default configurations that expose AMQStreams without requiring client authentication. This exposure could allow an attacker to perform unauthorized actions on the system.
How can this vulnerability impact me? :
The vulnerability could allow an attacker to perform unauthorized actions on exposed AMQStreams, potentially leading to unauthorized access or manipulation of data or services within the affected IBM Fusion environments.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70