Lucene search
IBM51AC73A288F11FA95DFFAB3352111DC297702FF144270A5F5CF51F3466F102C2HistoryJun 15, 2020 - 2:25 p.m.
Security Bulletin: IBM MQ AMQP channels fail to block connections restricted by SSLPEER setting (CVE-2020-4320)
2020-06-1514:25:37
www.ibm.com
10
EPSS
0.001
Percentile
32.8%
Summary
An error was found within the SSLPEER logic within a AMQP channel that meant it would not block/allow certificates as expected.
Vulnerability Details
CVEID:CVE-2020-4320
**DESCRIPTION:**IBM MQ Appliance, IBM MQ, AMQP Channels do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177403 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ | 9.1 LTS |
| IBM MQ | 9.0 LTS |
| IBM MQ | 8.0 |
| IBM MQ | 9.1 CD |
Remediation/Fixes
IBM MQ and IBM MQ Appliance V8
Apply FixPack 8.0.0.15
IBM MQ V9 LTS
Apply FixPack 9.0.0.10
IBM MQ and IBM MQ Appliance V9.1 LTS
Apply FixPack 9.1.0.5
IBM MQ and IBM MQ Appliance V9.1 CD
Apply FixPack 9.1.5
Workarounds and Mitigations
None
Related
ibm
ibm
cve
cve
CVE-2020-4320
2020-06-16 14:15:11
prion
prion
Code injection
2020-06-16 14:15:00
nvd
nvd
CVE-2020-4320
2020-06-16 14:15:11
veracode
veracode
Insecure Access Control
2022-02-16 06:47:34
cvelist
cvelist
CVE-2020-4320
2020-06-16 13:45:21
EPSS
0.001
Percentile
32.8%
Related for 51AC73A288F11FA95DFFAB3352111DC297702FF144270A5F5CF51F3466F102C2