Lucene search

[email protected]NVD:CVE-2020-4682

HistoryJan 28, 2021 - 1:15 p.m.

CVE-2020-4682

2021-01-2813:15:12

CWE-502

[email protected]

web.nvd.nist.gov

ibm mq

unsafe deserialization

remote code execution

ibm x-force id

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.01

Percentile

83.3%

JSON

IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.

Affected configurations

Nvd

Node

ibmmqMatch8.0.0.0

ibmmqMatch8.0.0.1

ibmmqMatch8.0.0.2

ibmmqMatch8.0.0.3

ibmmqMatch8.0.0.4

ibmmqMatch8.0.0.5

ibmmqMatch8.0.0.6

ibmmqMatch8.0.0.7

ibmmqMatch8.0.0.8

ibmmqMatch8.0.0.9

ibmmqMatch8.0.0.10

ibmmqMatch8.0.0.11

ibmmqMatch8.0.0.12

ibmmqMatch8.0.0.13

ibmmqMatch8.0.0.14

ibmmqMatch8.0.0.15

ibmmqMatch9.0.0.0lts

ibmmqMatch9.0.0.1lts

ibmmqMatch9.0.0.2lts

ibmmqMatch9.0.0.3lts

ibmmqMatch9.0.0.4lts

ibmmqMatch9.0.0.5lts

ibmmqMatch9.0.0.6lts

ibmmqMatch9.0.0.7lts

ibmmqMatch9.0.0.8lts

ibmmqMatch9.0.0.9lts

ibmmqMatch9.0.0.10lts

ibmmqMatch9.1.0.0lts

ibmmqMatch9.1.0.1lts

ibmmqMatch9.1.0.2lts

ibmmqMatch9.1.0.3lts

ibmmqMatch9.1.0.4lts

ibmmqMatch9.1.0.5lts

ibmmqMatch9.1.0.6lts

ibmmqMatch9.2.0.0continuous_delivery

ibmmqMatch9.2.1.0continuous_delivery

ibmmq_applianceMatch9.2.0.0lts

ibmwebsphere_mqMatch7.5.0.0

ibmwebsphere_mqMatch7.5.0.1

ibmwebsphere_mqMatch7.5.0.2

ibmwebsphere_mqMatch7.5.0.3

ibmwebsphere_mqMatch7.5.0.4

ibmwebsphere_mqMatch7.5.0.5

ibmwebsphere_mqMatch7.5.0.6

ibmwebsphere_mqMatch7.5.0.7

ibmwebsphere_mqMatch7.5.0.8

ibmwebsphere_mqMatch7.5.0.9

VendorProductVersionCPE
ibmmq8.0.0.0cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*
ibmmq8.0.0.1cpe:2.3:a:ibm:mq:8.0.0.1:*:*:*:*:*:*:*
ibmmq8.0.0.2cpe:2.3:a:ibm:mq:8.0.0.2:*:*:*:*:*:*:*
ibmmq8.0.0.3cpe:2.3:a:ibm:mq:8.0.0.3:*:*:*:*:*:*:*
ibmmq8.0.0.4cpe:2.3:a:ibm:mq:8.0.0.4:*:*:*:*:*:*:*
ibmmq8.0.0.5cpe:2.3:a:ibm:mq:8.0.0.5:*:*:*:*:*:*:*
ibmmq8.0.0.6cpe:2.3:a:ibm:mq:8.0.0.6:*:*:*:*:*:*:*
ibmmq8.0.0.7cpe:2.3:a:ibm:mq:8.0.0.7:*:*:*:*:*:*:*
ibmmq8.0.0.8cpe:2.3:a:ibm:mq:8.0.0.8:*:*:*:*:*:*:*
ibmmq8.0.0.9cpe:2.3:a:ibm:mq:8.0.0.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	mq	8.0.0.0	cpe:2.3:a:ibm:mq:8.0.0.0:::::::*
ibm	mq	8.0.0.1	cpe:2.3:a:ibm:mq:8.0.0.1:::::::*
ibm	mq	8.0.0.2	cpe:2.3:a:ibm:mq:8.0.0.2:::::::*
ibm	mq	8.0.0.3	cpe:2.3:a:ibm:mq:8.0.0.3:::::::*
ibm	mq	8.0.0.4	cpe:2.3:a:ibm:mq:8.0.0.4:::::::*
ibm	mq	8.0.0.5	cpe:2.3:a:ibm:mq:8.0.0.5:::::::*
ibm	mq	8.0.0.6	cpe:2.3:a:ibm:mq:8.0.0.6:::::::*
ibm	mq	8.0.0.7	cpe:2.3:a:ibm:mq:8.0.0.7:::::::*
ibm	mq	8.0.0.8	cpe:2.3:a:ibm:mq:8.0.0.8:::::::*
ibm	mq	8.0.0.9	cpe:2.3:a:ibm:mq:8.0.0.9:::::::*

Rows per page:

1-10 of 471

References

exchange.xforce.ibmcloud.com/vulnerabilities/186509

www.ibm.com/support/pages/node/6408626

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.01

Percentile

83.3%

JSON

Related for NVD:CVE-2020-4682

veracode1 nessus1 prion1 ibm7 cvelist1 cve1