Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-4320

IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.

Published

2020-06-16T14:15:11.463

Last Modified

2024-11-21T05:32:35.170

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	mq	< 8.0.0.15	Yes
Application	ibm	mq	< 9.0.0.10	Yes
Application	ibm	mq	< 9.1.5	Yes
Application	ibm	mq	< 9.1.0.5	Yes
Operating System	hp	hp-ux	-	No
Operating System	ibm	aix	-	No
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No
Operating System	oracle	solaris	-	No

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/177403 VDB Entry, Vendor Advisory ([email protected])
https://www.ibm.com/support/pages/node/5736885 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/177403 VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/pages/node/5736885 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)