IBM3978D03D6A09072BF94DFAAB9A62F704C70774A9E42AEEB90D67586C6A2BCE9FSecurity Bulletin: IBM MQ Appliance is vulnerable to a buffer overflow vulnerability (CVE-2020-4465)
EPSS
Percentile
43.8%
Summary
IBM MQ Appliance has resolved a buffer overflow vulnerability.
Vulnerability Details
CVEID:CVE-2020-4465
**DESCRIPTION:**IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop are vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181562 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ Appliance | 8.0 |
| IBM MQ Appliance | 9.1 LTS |
| IBM MQ Appliance | 9.1 CD |
Remediation/Fixes
IBM MQ Appliance 8.0
Apply fixpack 8.0.0.15, or later.
IBM MQ Appliance 9.1 LTS
Apply fixpack 9.1.0.6, or later.
IBM MQ Appliance 9.1 CD
Apply IBM MQ Appliance 9.2, or later.
Workarounds and Mitigations
None
Related
EPSS
Percentile
43.8%