CVE-2020-4498 — Log File Information Exposure in IBM MQ Appliance

CWE-532 — Log File Information Exposure CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

4.4MEDIUMNVD

EPSS

0.0%

top 87.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM MQ Appliance

Timeline

PublishedJul 27

Latest updateMay 24

Description

IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/mq_appliance9.1.0.0 — 9.1.0.6+1

▶CVEListV5ibm/mq_appliance11 versions+10

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-2vqj-8xcw-9566: IBM MQ Appliance 9↗2022-05-24

▶

CVEList

CVE-2020-4498: IBM MQ Appliance 9↗2020-07-27

▶

💬Community

Bugzilla

CVE-2019-7635 SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c↗2019-02-14

▶