Lucene search

K
ibmIBM35E3BF58B2D0D0EBE1D97EDB23D27F9D416692D3DAE69E3D77D9BE77D137C3AB
HistoryApr 26, 2024 - 7:50 p.m.

Security Bulletin: IBM MQ is affected by a vulnerability in the IBM Semeru Runtime (CVE-2024-20952)

2024-04-2619:50:32
www.ibm.com
18
ibm
mq
vulnerability
semeru runtime
fix
java se
security bulletin
cve-2024-20952
apar it45826
security update 9.3.5.1

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

34.2%

Summary

An issue was identified with IBM Semeru Runtime, Version 17, which is used in IBM MQ Explorer.

Vulnerability Details

**CVEID:**CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high integrity impact.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279685 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM MQ 9.3 CD

The following installable MQ components are affected by the vulnerability:

- IBM MQ Explorer

If you are running any of these listed components, please apply the remediation/fixes as described below. For more information on the definitions of components used in this list see https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins

Remediation/Fixes

This issue was addressed under APAR IT45826

IBM MQ version 9.3 CD

Apply Cumulative Security Update 9.3.5.1

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmqMatch9.3
VendorProductVersionCPE
ibmmq9.3cpe:2.3:a:ibm:mq:9.3:*:*:*:*:*:*:*

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

34.2%