CVE-2020-4320Improper Certificate Validation in IBM MQ

CWE-295Improper Certificate Validation3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 61.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM MQ
Timeline
PublishedJun 16
Latest updateMay 24

Description

IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDibm/mq8.0.0.08.0.0.15+3
CVEListV5ibm/mq4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-h8p9-p3q3-7x89: IBM MQ Appliance and IBM MQ AMQP Channels 82022-05-24
CVEList
CVE-2020-4320: IBM MQ Appliance and IBM MQ AMQP Channels 82020-06-16
CVE-2020-4320 — Improper Certificate Validation in IBM | cvebase