App Connect Enterprise Certified Container Integration Servers could allow a local privileged user to obtain highly sensitive information due to inclusion of data within trace files when communicating with an MQ server due to CVE-2020-4498.
CVEID:CVE-2020-4498
**DESCRIPTION:**IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118.
CVSS Base score: 4.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182118 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
App Connect Enterprise Certified Container | 1.0.0 with Operator |
App Connect Enterprise Certified Container | 1.0.1 with Operator |
App Connect Enterprise Certified Container | 1.0.2 with Operator |
App Connect Enterprise Certified Container | 1.0.3 with Operator |
App Connect Enterprise Certified Container | 1.0.4 with Operator |
App Connect Enterprise Certified Container | 1.0.5 with Operator |
Upgrade to App Connect Enterprise Certified Container to Operator version 1.1.0 (available in CASE 1.1.0) or higher, and ensure that any Integration Server components are upgraded to 11.0.0.10-r3 or higher
This is only applicable if an Integration Server container is attempting to collect MQ trace.