4.3
CVE-2020-4319
- EPSS 0.16%
- Veröffentlicht 28.07.2020 12:15:12
- Zuletzt bearbeitet 21.11.2024 05:32:35
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginIBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Mq Appliance Version >= 8.0 < 8.0.0.15
Ibm ≫ Mq Appliance SwEditionlts Version >= 9.1.0.0 < 9.1.0.6
Ibm ≫ Mq Appliance SwEditioncontinuous_delivery Version >= 9.1.0.0 < 9.2.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.329 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:P/I:N/A:N
|
| psirt@us.ibm.com | 3.1 | 1.6 | 1.4 |
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.