History: Jan 08, 2021 - 11:05 p.m.

Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Sterling Secure Proxy (CVE-2020-13920)

2021-01-08 23:05:42
www.ibm.com

EPSS: 0.003 (Low)

Percentile: 70.8%

Summary

An Apache ActiveMQ man-in-the-middle vulnerability was addressed by IBM Sterling Secure Proxy.

Vulnerability Details

**CVEID:** CVE-2020-13920
**DESCRIPTION:** Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper authentication validation when connecting to the JMX RMI registry. By creating another server to proxy the original, an attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain user credentials or further compromise the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188067 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM Secure Proxy | 6.0.0 - 6.0.1.1 iFix 2
IBM Sterling Secure Proxy | 3.4.3.2 through iFix 9

Remediation/Fixes

Product | VRMF | iFix | How to acquire fix
---|---|---|---
IBM Sterling Secure Proxy | 6.0.1.1 | iFix 3 | Fix Central
IBM Sterling Secure Proxy | 3.4.3.2 | iFix 10 | Fix Central

Workarounds and Mitigations

None
