An issue was identified with Pacemaker, which is used by IBM MQ to supply RDQM functionality.
CVEID: CVE-2020-25654
**DESCRIPTION:** ClusterLabs Pacemaker could allow a local attacker to bypass security restrictions, caused by an access control list bypass flaw. By sending a specially-crafted request using IPC communication with various daemons, an attacker could exploit this vulnerability to perform certain tasks prevented by ACLs.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190582 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM MQ | 9.2 CD |
IBM MQ | 9.2 LTS |
IBM MQ | 9.1 CD |
IBM MQ | 9.1 LTS |
This issue is resolved under APAR IT35522.
IBM MQ 9.1 LTS
IBM MQ 9.2 LTS
IBM MQ 9.1 CD and 9.2 CD
Only applicable to IBM MQ installations with an RDQM HA group configured.