Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2020-2654)

2020-07-2709:27:29

www.ibm.com

0.001 Low

EPSS

Percentile

28.7%

JSON

Summary

IBM MQ Appliance has resolved a denial of service vulnerability.

Vulnerability Details

CVEID:CVE-2020-2654
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174601 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM MQ Appliance	8.0
IBM MQ Appliance	9.1 LTS
IBM MQ Appliance	9.1 CD

Remediation/Fixes

IBM MQ Appliance V8

Apply FixPack 8.0.0.15, or later.

IBM MQ Appliance V9.1 LTS

Apply FixPack 9.1.0.5, or later.

IBM MQ Appliance V9.1 CD

Apply FixPack 9.1.5, or later.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm mq applianceeq8.0.0.0
ibm mq applianceeq8.0.0.1
ibm mq applianceeq8.0.0.3
ibm mq applianceeq8.0.0.4
ibm mq applianceeq8.0.0.5
ibm mq applianceeq8.0.0.6
ibm mq applianceeq8.0.0.7
ibm mq applianceeq8.0.0.8
ibm mq applianceeq8.0.0.9
ibm mq applianceeq8.0.0.10

Name	Operator	Version
ibm mq appliance	eq	8.0.0.0
ibm mq appliance	eq	8.0.0.1
ibm mq appliance	eq	8.0.0.3
ibm mq appliance	eq	8.0.0.4
ibm mq appliance	eq	8.0.0.5
ibm mq appliance	eq	8.0.0.6
ibm mq appliance	eq	8.0.0.7
ibm mq appliance	eq	8.0.0.8
ibm mq appliance	eq	8.0.0.9
ibm mq appliance	eq	8.0.0.10