IBM632B80335776449F0CE32F1714F32DA9BC5D2B193E565EF16325CA50F1C33C26Security Bulletin: IBM MQ could allow an authenticated user, under nondefault configuration, to cause a data corruption attack due to an error when using segmented messages. (CVE-2020-4592)
EPSS
Percentile
19.6%
Summary
An issue was found within the MQ queue manager message processing logic that could allow an attacker to cause corrupt data when using segmented messages with a queue manager that is configured to use Linear Logging.
Vulnerability Details
CVEID:CVE-2020-4592
**DESCRIPTION:**IBM MQ could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184755 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ | 9.1 LTS |
| IBM MQ | 9.0 LTS |
| IBM MQ | 8.0 |
| IBM MQ | 9.1 CD |
| IBM WebSphere MQ | 7.5 |
Remediation/Fixes
IBM WebSphere MQ 7.5
Contact IBM Support and request a fix for APAR IT31663
IBM MQ 8.0
Apply interim fix for APAR IT31663
IBM MQ 9.0 LTS
IBM MQ 9.1 LTS
IBM MQ 9.1 CD
Workarounds and Mitigations
None
Related
EPSS
Percentile
19.6%