Oct 13, 2020 - 5:18 p.m.

Security Bulletin: IBM MQ Appliance is affected by an information disclosure vulnerability (CVE-2020-4528)

2020-10-13 17:18:20
www.ibm.com
EPSS: 0.0004 (Low), Percentile: 5.1%

Summary

IBM MQ Appliance has resolved an information disclosure vulnerability.

Vulnerability Details

CVEID: CVE-2020-4528
**DESCRIPTION:** IBM MQ Appliance could allow a local user, under special conditions, to obtain highly sensitive information from log files.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182658 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ Appliance | 9.1 LTS |
| IBM MQ Appliance | 9.2 |
| IBM MQ Appliance | 9.1 CD |

Remediation/Fixes

IBM MQ Appliance 9.1 LTS

Apply iFix IT33097, or later maintenance

IBM MQ Appliance 9.1 CD

Upgrade to 9.2.0.1 LTS Fixpack, or later maintenance*

* The latest available Continuous Delivery (CD) firmware level at the time of publishing is 9.2.0. As this firmware level is also an LTS level, it is valid to apply the 9.2.0.1 LTS fix pack and then update to a subsequent CD release (i.e. 9.2.1 CD) once available. Please refer to the IBM MQ FAQ for Long Term Support and Continuous Delivery releases for additional information on LTS and CD releases.

IBM MQ Appliance 9.2

Apply 9.2.0.1 LTS Fixpack, or later maintenance

Workarounds and Mitigations

None
