CVE-2025-36222

Summary

IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions.

Affected Software

VendorProductVersion RangeStatus
IBMFusion2.2.0 <= 2.10.1affected
IBMFusion HCI2.2.0 <= 2.10.0affected
IBMFusion HCI for watsonx2.8.2 <= 2.10.0affected

Weaknesses

  • CWE-1188: CWE-1188 Insecure Default Initialization of Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References