IBM MQ Appliance has resolved a TLS vulnerability first reported against the IBM DataPower Gateway.
CVEID:CVE-2020-4831
**DESCRIPTION:**IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189965 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM MQ Appliance | 9.2 CD |
IBM MQ Appliance | 9.2 LTS |
This vulnerability is addressed under APAR IT36321.
IBM MQ Appliance version 9.2 LTS
Apply fix pack 9.2.0.2, or later firmware.
IBM MQ Appliance version 9.2 CD
Apply 9.2.2 interim fix firmware for APAR IT36321, or later firmware.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm mq appliance | eq | 9.2.0.0 | |
ibm mq appliance | eq | 9.2.0.1 | |
ibm mq appliance | eq | 9.2.1 | |
ibm mq appliance | eq | 9.2.2 |