An applicable vulnerability was found in the json-c library that is bundled with MQ server and native client installations.
CVEID: CVE-2020-12762
**DESCRIPTION:** json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow and out-of-bounds write. By persuading a victim to run a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/182094 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM MQ | 9.1 LTS |
IBM MQ | 9.2 CD |
IBM MQ | 9.2 LTS |
IBM MQ version 9.1 LTS
IBM MQ version 9.2 LTS
IBM MQ version 9.2 CD
None