An issue was found within cURL libcurl that IBM MQ uses. This issue could affect users of the CCDTURL feature.
CVEID:CVE-2020-8284
**DESCRIPTION:**cURL libcurl could allow a remote attacker to obtain sensitive information, caused by improper validation of FTP PASV responses. By persuading a victim to connect a specially-crafted server, an attacker could exploit this vulnerability to obtain sensitive information about services, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192854 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM MQ | 9.2 CD |
IBM MQ | 9.2 LTS |
IBM MQ | 9.1 LTS |
IBM MQ | 9.0 LTS |
This issue was resolved via APAR IT35440
IBM MQ 9.0 LTS
IBM MQ 9.1 LTS
IBM MQ 9.2 LTS
IBM MQ 9.2 CD
None