4.3
CVE-2020-4319
- EPSS 0.16%
- Veröffentlicht 28.07.2020 12:15:12
- Zuletzt bearbeitet 21.11.2024 05:32:35
- Quelle psirt@us.ibm.com
- Teams Watchlist Login
- Unerledigt Login
IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Mq Appliance Version >= 8.0 < 8.0.0.15
Ibm ≫ Mq Appliance SwEditionlts Version >= 9.1.0.0 < 9.1.0.6
Ibm ≫ Mq Appliance SwEditioncontinuous_delivery Version >= 9.1.0.0 < 9.2.0.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.329 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:P/I:N/A:N
|
| psirt@us.ibm.com | 3.1 | 1.6 | 1.4 |
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.