History: Nov 15, 2021 - 3:33 p.m.

Security Bulletin: IBM MQ is vulnerable to an issue in Eclipse (CVE-2020-27225)

2021-11-15 15:33:52
www.ibm.com

EPSS: 0.0004 (Low)

Percentile: 5.1%

Summary

An issue was identified in Eclipse that IBM MQ uses within IBM MQ Explorer.

Vulnerability Details

CVEID: CVE-2020-27225
**DESCRIPTION:** Eclipse could allow a local attacker to execute arbitrary commands on the system, caused by the failure to authenticate active help requests to the local help web server. An attacker could exploit this vulnerability to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198134 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM MQ | 9.2 LTS |
| IBM MQ | 9.2 CD |
| IBM MQ | 9.1 LTS |
| IBM MQ | 9.0 LTS |

Remediation/Fixes

This issue was resolved under the following APARs: IT36319 (IBM MQ Explorer 9.2 LTS and CD), IT36383 (IBM MQ Explorer 9.1) and IT36791 (IBM MQ Explorer 9.0).

IBM MQ 9.2 LTS

Apply FixPack 9.2.0.2

IBM MQ 9.2 CD

Upgrade to IBM MQ 9.2.3 CD

IBM MQ 9.1 LTS

Apply FixPack 9.1.0.8

IBM MQ 9.0 LTS

Apply FixPack 9.0.0.12
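
The fix levels above can be turned into a triage check for an inventory of installations. The following is an added example, not code from IBM or from the bulletin; the function names and the sample `dspmqver`-style text are constructed, and it assumes LTS levels carry a modification number of 0 (V.R.0.F) while CD levels do not.

```python
import re

# Minimum fixed levels, copied from the bulletin's Remediation/Fixes section.
FIXED = {
    ("LTS", 9, 0): (9, 0, 0, 12),
    ("LTS", 9, 1): (9, 1, 0, 8),
    ("LTS", 9, 2): (9, 2, 0, 2),
    ("CD", 9, 2): (9, 2, 3, 0),
}

def parse_vrmf(text):
    """Return (V, R, M, F) from a bare version or from dspmqver-style output."""
    m = re.search(r"^Version:\s*(\S+)", text, re.MULTILINE)
    raw = m.group(1) if m else text.strip()
    parts = raw.split(".")
    if not 3 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised MQ version: {raw!r}")
    # Pad a three-part CD level such as 9.2.3 to four fields for comparison.
    nums = [int(p) for p in parts] + [0] * (4 - len(parts))
    return tuple(nums)

def assess(text):
    """Classify an install as 'fixed', 'affected' or 'not-listed' per the bulletin."""
    vrmf = parse_vrmf(text)
    # Assumption: LTS levels have modification 0 (V.R.0.F); CD levels do not.
    stream = "LTS" if vrmf[2] == 0 else "CD"
    fixed = FIXED.get((stream, vrmf[0], vrmf[1]))
    if fixed is None:
        return stream, "not-listed"
    return stream, "fixed" if vrmf >= fixed else "affected"

# Constructed sample in the shape of dspmqver output (not from the bulletin).
SAMPLE = """Name:        IBM MQ
Version:     9.1.0.7
Level:       p910-007-000000
"""

if __name__ == "__main__":
    for item in (SAMPLE, "9.2.0.2", "9.2.2", "9.0.0.12", "9.3.0.0"):
        print(parse_vrmf(item), assess(item))
```

A `not-listed` result means the bulletin does not name that release stream; it is not a statement that the installation is unaffected.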

Workarounds and Mitigations

None

CPE

| Name | Operator | Version |
| --- | --- | --- |
| ibm mq | eq | 9.1.0 |
| ibm mq | eq | 9.2.0 |
| ibm mq | eq | 9.0.0 |
