CVE-2020-4931 — IBM MQ Appliance vulnerability

5 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 40.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM MQ Appliance IBM MQ

Timeline

PublishedFeb 24

Latest updateMay 24

Description

IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/mq9.1.0, 9.1.0.0, 9.2.0.0+2

▶CVEListV5ibm/mq_appliance14 versions+13

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-xjvm-vf2p-w3rh: IBM MQ 9↗2022-05-24

▶

CVEList

CVE-2020-4931: IBM MQ 9↗2021-02-24

▶

💬Community

Bugzilla

CVE-2020-14389 keycloak: user can manage resources with just "view-profile" role using new Account Console↗2020-09-04

▶

Bugzilla

CVE-2020-10776 keycloak: OIDC redirect_uri allows dangerous schemes resulting in potential XSS↗2020-06-16

▶