Lucene search

IbmCVELIST:CVE-2020-4320

HistoryJun 15, 2020 - 12:00 a.m.

CVE-2020-4320

2020-06-1500:00:00

ibm

www.cve.org

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.0%

JSON

IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.

CNA Affected

[
  {
    "product": "MQ",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.0"
      },
      {
        "status": "affected",
        "version": "9.0.LTS"
      },
      {
        "status": "affected",
        "version": "9.1.LTS"
      },
      {
        "status": "affected",
        "version": "9.1.CD"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/177403

www.ibm.com/support/pages/node/5736885

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.0%

JSON

Related for CVELIST:CVE-2020-4320