CVE-2025-36222

HIGH

IBM Fusion <2.10.1 - Info Disclosure

Title source: llm

Description

IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 use insecure default configurations that could expose AMQStreams without client authentication, which could allow an attacker to perform unauthorized actions.

References (1)

Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7244646

Scores

CVSS v3 8.7
EPSS 0.0035
EPSS Percentile 26.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-1188
Status published
Products (3)
ibm/storage_fusion 2.2.0 - 2.11.0
ibm/storage_fusion_hci 2.2.0 - 2.11.0
ibm/storage_fusion_hci_for_watsonx 2.8.2 - 2.11.0
Published Sep 11, 2025
Tracked Since Feb 18, 2026