Lucene search

IbmCVELIST:CVE-2020-4682

HistoryJan 28, 2021 - 12:55 p.m.

CVE-2020-4682

2021-01-2812:55:15

ibm

www.cve.org

ibm mq

remote attacker

arbitrary code

unsafe deserialization

x-force id

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

AI Score

9.4

Confidence

High

EPSS

0.01

Percentile

83.3%

JSON

IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.

CNA Affected

[
  {
    "product": "MQ",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.0.0"
      },
      {
        "status": "affected",
        "version": "9.0.0"
      },
      {
        "status": "affected",
        "version": "9.1.0"
      },
      {
        "status": "affected",
        "version": "7.5.0"
      },
      {
        "status": "affected",
        "version": "9.2.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/186509

www.ibm.com/support/pages/node/6408626

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

AI Score

9.4

Confidence

High

EPSS

0.01

Percentile

83.3%

JSON

Related for CVELIST:CVE-2020-4682