An issue was found within the MQ queue manager message processing logic that could allow an attacker to cause corrupt data when using segmented messages with a queue manager that is configured to use Linear Logging.
CVEID:CVE-2020-4592
**DESCRIPTION:**IBM MQ could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184755 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM MQ | 9.1 LTS |
IBM MQ | 9.0 LTS |
IBM MQ | 8.0 |
IBM MQ | 9.1 CD |
IBM WebSphere MQ | 7.5 |
IBM WebSphere MQ 7.5
Contact IBM Support and request a fix for APAR IT31663
IBM MQ 8.0
Apply interim fix for APAR IT31663
IBM MQ 9.0 LTS
IBM MQ 9.1 LTS
IBM MQ 9.1 CD
None