CVE-2019-4620Improper Input Validation in IBM MQ Appliance

CWE-20Improper Input Validation4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 87.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM MQ Appliance
Timeline
PublishedJan 28
Latest updateMay 24

Description

IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDibm/mq_appliance8.0.0.08.0.0.14+2
CVEListV5ibm/mq_appliance19 versions+18

🔴Vulnerability Details

2
GHSA
GHSA-qwqq-r334-mqgx: IBM MQ Appliance 82022-05-24
CVEList
CVE-2019-4620: IBM MQ Appliance 82020-01-28

💬Community

1
Bugzilla
CVE-2019-12218 SDL: null-pointer dereference in function IMG_LoadPCX_RW in IMG_pcx.c2019-07-23
CVE-2019-4620 — Improper Input Validation in IBM | cvebase