7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
52.9%
An issue was identified with Pacemaker which is used by IBM MQ to supply RDQM functionality.
CVEID:CVE-2020-25654
**DESCRIPTION:**ClusterLabs Pacemaker could allow a local attacker to bypass security restrictions, caused by an access control list bypass flaw. By sending a specially-crafted request using IPC communication with various daemons, an attacker could exploit this vulnerability to perform certain tasks prevented by ACLs.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190582 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM MQ | 9.2 CD |
IBM MQ | 9.2 LTS |
IBM MQ | 9.1 CD |
IBM MQ | 9.1 LTS |
This issue is resolved under APAR IT35522.
IBM MQ 9.1 LTS
IBM MQ 9.2 LTS
IBM MQ 9.1 CD and 9.2 CD
Only applicable to IBM MQ installations with an RDQM HA group configured.
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
52.9%