IBM MQ Appliance has addressed the following security restrictions bypass vulnerability.
CVEID:CVE-2019-4620
**DESCRIPTION:**IBM MQ Appliance could allow a local attacker to bypass security restrictions caused by improper validation of environment variables.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168863 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM MQ Appliance | 8.0 |
IBM MQ Appliance | 9.1 LTS |
IBM MQ Appliance | 9.1 CD |
IBM MQ Appliance 8
Apply fix pack 8.0.0.14, or later.
IBM MQ Appliance version 9.1 LTS
Apply fix pack 9.1.0.4, or later.
IBM MQ Appliance version 9.1 CD
Apply continuous delivery release 9.1.4, or later.
None