CVE-2020-4319

EPSS 0.16%
Published 28.07.2020 12:15:12
Last modified 21.11.2024 05:32:35
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Mq Appliance Version >= 8.0 < 8.0.0.15

Ibm ≫ Mq Appliance SwEditionlts Version >= 9.1.0.0 < 9.1.0.6

Ibm ≫ Mq Appliance SwEditioncontinuous_delivery Version >= 9.1.0.0 < 9.2.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.329

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:P/I:N/A:N
psirt@us.ibm.com	3.1	1.6	1.4	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://exchange.xforce.ibmcloud.com/vulnerabilities/177402

Vendor Advisory

VDB Entry

https://www.ibm.com/support/pages/node/6252777

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-4319

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-4319

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-4319

EUVD