Lucene search
IBMFA616DACC94195BC6A29D198FC854A57A8391FC063A30B1C53F2E3EC5E682C85HistoryJul 27, 2020 - 9:26 a.m.
Security Bulletin: IBM MQ Appliance is vulnerable to sensitive information disclosure vulnerability (CVE-2020-4319)
2020-07-2709:26:43
www.ibm.com
11
EPSS
0
Percentile
10.3%
Summary
IBM MQ Appliance has resolved a sensitive information disclosure vulnerability.
Vulnerability Details
CVEID:CVE-2020-4319
**DESCRIPTION:**IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop could allow, under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177402 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ Appliance | 8.0 |
| IBM MQ Appliance | 9.1 LTS |
| IBM MQ Appliance | 9.1 CD |
Remediation/Fixes
IBM MQ Appliance 8.0
Apply fixpack 8.0.0.15, or later.
IBM MQ Appliance 9.1 LTS
Apply fixpack 9.1.0.6, or later.
IBM MQ Appliance 9.1 CD
Apply IBM MQ Appliance 9.2, or later.
Workarounds and Mitigations
None
Related
veracode
veracode
Information Disclosure
2022-02-16 06:59:50
prion
prion
Information disclosure
2020-07-28 12:15:00
ibm
ibm
nessus
nessus
cve
cve
CVE-2020-4319
2020-07-28 12:15:12
cvelist
cvelist
CVE-2020-4319
2020-07-28 12:05:26
nvd
nvd
CVE-2020-4319
2020-07-28 12:15:12
EPSS
0
Percentile
10.3%
Related for FA616DACC94195BC6A29D198FC854A57A8391FC063A30B1C53F2E3EC5E682C85