CVE-2020-4682

CWE-502Deserialization of Untrusted Data4 documents4 sources
Severity
9.8CRITICAL
EPSS
3.0%
top 13.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM MQIBM MQ ApplianceIBM Websphere MQ
Timeline
PublishedJan 28
Latest updateSep 22

Description

IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

CVEListV5ibm/mq5 versions+4
NVDibm/mq36 versions+35
NVDibm/mq_appliance9.2.0.0
NVDibm/websphere_mq10 versions+9

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

3
OSV
libjpeg-turbo vulnerabilities2022-09-22
GHSA
GHSA-hmh7-p3j6-5g37: IBM MQ 72022-05-24
CVEList
CVE-2020-4682: IBM MQ 72021-01-28
CVE-2020-4682 (CRITICAL CVSS 9.8) | IBM MQ 7.5 | cvebase.io