IBM35E3BF58B2D0D0EBE1D97EDB23D27F9D416692D3DAE69E3D77D9BE77D137C3ABSecurity Bulletin: IBM MQ is affected by a vulnerability in the IBM Semeru Runtime (CVE-2024-20952)
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
6.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.0%
Summary
An issue was identified with IBM Semeru Runtime, Version 17, which is used in IBM MQ Explorer.
Vulnerability Details
CVEID:CVE-2024-20952
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high integrity impact.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279685 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ | 9.3 CD |
The following installable MQ components are affected by the vulnerability:
- IBM MQ Explorer
If you are running any of these listed components, please apply the remediation/fixes as described below. For more information on the definitions of components used in this list see <https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins>
Remediation/Fixes
This issue was addressed under APAR IT45826
IBM MQ version 9.3 CD
Apply Cumulative Security Update 9.3.5.1
Workarounds and Mitigations
None
Affected configurations
Related
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
6.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.0%