
Security Bulletin: IBM MQ Internet Pass-Thru is vulnerable to a denial of service attack (CVE-2020-4766)

2021-01-21 09:37:47
www.ibm.com

EPSS: 0.001 (percentile: 47.8%)

Summary

An issue was found within IBM MQ Internet Pass-Thru that could allow an attacker to execute a denial of service attack.

Vulnerability Details

**CVEID:** CVE-2020-4766
**DESCRIPTION:** IBM MQ Internet Pass-Thru could allow a remote user to cause a denial of service by sending malformed MQ data requests that would consume all available resources.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188903 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM MQ Internet Pass-Thru | 2.1 |
| IBM MQ Internet Pass-Thru | 9.2 |

Remediation/Fixes

IBM MQ Internet Pass-Thru 2.1

Note: MQ IPT 2.1.0.5 is provided on Solaris platforms only, for users with appropriate extended support entitlement. Users of MQ IPT 2.1 on all other platforms should migrate to one of the MQ IPT 9.2 levels listed below (or later).

IBM MQ Internet Pass-Thru 9.2 LTS

IBM MQ Internet Pass-Thru 9.2 CD

Workarounds and Mitigations

None
