Jun 26, 2020 - 3:53 p.m.

Security Bulletin: IBM MQ AMQP channels fail to block connections restricted by SSLPEER setting (CVE-2020-4320)

2020-06-26 15:53:18
www.ibm.com

EPSS

0.001

Percentile

32.8%

Summary

An error was found in the SSLPEER logic of an AMQP channel, which meant that it would not block or allow certificates as expected.

Vulnerability Details

**CVEID:** CVE-2020-4320
**DESCRIPTION:** IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177403 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM MQ Appliance | 8.0 |
| IBM MQ Appliance | 9.1 LTS |
| IBM MQ Appliance | 9.1 CD |

Remediation/Fixes

IBM MQ Appliance V8
Apply FixPack 8.0.0.15

IBM MQ Appliance V9.1 LTS
Apply FixPack 9.1.0.5

IBM MQ Appliance V9.1 CD
Apply FixPack 9.1.5

Workarounds and Mitigations

None
