Data Corruption Vulnerability in IBM MQ Appliance 9.1.CD and LTS
CVE-2020-4592

5.3MEDIUM

Key Information:

Vendor: IBM
Status: MQ Appliance
Vendor: CVE Published:; 18 November 2020

Summary

An authenticated user of IBM MQ Appliance 9.1.CD and LTS under nondefault configurations can exploit a flaw relating to the processing of segmented messages. This vulnerability may result in data corruption, posing significant risks to the integrity of the information transmitted within the application. Proper attention must be given to configuration settings to mitigate potential threats associated with this vulnerability.

Affected Version(s)

MQ Appliance 9.1.LTS

MQ Appliance 9.1.CD

References

https://www.ibm.com/support/pages/node/6359019

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/184755

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 18, 2020
Vulnerability Reserved
Dec 30, 2019