An issue was identified in Eclipse that IBM MQ uses within IBM MQ Explorer.
CVEID:CVE-2020-27225
**DESCRIPTION:**Eclipse could allow a local attacker to execute arbitrary commands on the system, caused by the failure to authenticate active help requests to the local help web server. An attacker could exploit this vulnerability to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198134 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM MQ | 9.2 LTS |
IBM MQ | 9.2 CD |
IBM MQ | 9.1 LTS |
IBM MQ | 9.0 LTS |
This issue was resolved under the following APARs: IT36319 (IBM MQ Explorer 9.2 LTS and CD), IT36383 (IBM MQ Explorer 9.1) and IT36791 (IBM MQ Explorer 9.0).
IBM MQ 9.2 LTS
IBM MQ 9.2 CD
IBM MQ 9.1 LTS
IBM MQ 9.0 LTS
None