History: Jul 23, 2020 - 9:30 p.m.

Security Bulletin: Multiple vulnerabilities in IBM MQ Appliance (CVE-2020-4025 and CVE-2020-4203)

2020-07-23 21:30:57
www.ibm.com

EPSS: 0.001 (Low), Percentile: 31.1%

Summary

IBM MQ Appliance has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2020-4205
**DESCRIPTION:** IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions and continue to access the server even after authentication certificates have been revoked. IBM X-Force ID: 174961.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174961 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2020-4203
**DESCRIPTION:** IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. IBM X-Force ID: 174956.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174956 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM MQ Appliance | 8.0 |
| IBM MQ Appliance | 9.1 LTS |
| IBM MQ Appliance | 9.1 CD |

Remediation/Fixes

IBM MQ Appliance 8.0

Apply fixpack 8.0.0.15, or later.

IBM MQ Appliance 9.1 LTS

Apply fixpack 9.1.0.6, or later.

IBM MQ Appliance 9.1 CD

Apply IBM MQ Appliance 9.2, or later.

Workarounds and Mitigations

None
