CVE-2020-4938Cross-Site Request Forgery in IBM MQ Appliance

CWE-352Cross-Site Request Forgery4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 70.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM MQ Appliance
Timeline
PublishedJul 12
Latest updateMay 24

Description

IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDibm/mq_appliance9.19.2.2+2
CVEListV5ibm/mq_appliance9.1, 9.2+1

🔴Vulnerability Details

2
GHSA
GHSA-vvf5-hc5m-grm8: IBM MQ Appliance 92022-05-24
CVEList
CVE-2020-4938: IBM MQ Appliance 92021-07-12

📋Vendor Advisories

1
Microsoft
Microsoft Word Security Feature Bypass Vulnerability2020-11-10
CVE-2020-4938 — Cross-Site Request Forgery in IBM | cvebase