Lucene search
IBM05B38AFD7B0FB8DC178960F785A64D6B3834F557362C75032F968648D943E9D6HistoryJan 23, 2020 - 2:59 p.m.
Security Bulletin: IBM MQ Appliance could allow a local attacker to bypass security restrictions (CVE-2019-4620)
2020-01-2314:59:12
www.ibm.com
6
EPSS
0
Percentile
5.1%
Summary
IBM MQ Appliance has addressed the following security restrictions bypass vulnerability.
Vulnerability Details
CVEID:CVE-2019-4620
**DESCRIPTION:**IBM MQ Appliance could allow a local attacker to bypass security restrictions caused by improper validation of environment variables.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168863 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ Appliance | 8.0 |
| IBM MQ Appliance | 9.1 LTS |
| IBM MQ Appliance | 9.1 CD |
Remediation/Fixes
IBM MQ Appliance 8
Apply fix pack 8.0.0.14, or later.
IBM MQ Appliance version 9.1 LTS
Apply fix pack 9.1.0.4, or later.
IBM MQ Appliance version 9.1 CD
Apply continuous delivery release 9.1.4, or later.
Workarounds and Mitigations
None
Related
cvelist
cvelist
CVE-2019-4620
2020-01-28 18:30:53
prion
prion
Input validation
2020-01-28 19:15:00
nessus
nessus
cve
cve
CVE-2019-4620
2020-01-28 19:15:13
nvd
nvd
CVE-2019-4620
2020-01-28 19:15:13