Sign-up

ID

VAR-202007-1084


CVE

CVE-2020-4375


TITLE

plural IBM Vulnerability in lack of release of resources after valid lifetime in product

Trust: 0.8

sources: JVNDB: JVNDB-2020-008718

DESCRIPTION

IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080. Vendor exploits this vulnerability IBM X-Force ID: 179080 It is published as.Service operation interruption (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-4375 // JVNDB: JVNDB-2020-008718

AFFECTED PRODUCTS

vendor:ibmmodel:mq appliancescope:gteversion:8.0

Trust: 1.0

vendor:ibmmodel:mq appliancescope:gteversion:9.1.0.0

Trust: 1.0

vendor:ibmmodel:mq appliancescope:ltversion:9.1.0.6

Trust: 1.0

vendor:ibmmodel:mq appliancescope:ltversion:9.2.0.0

Trust: 1.0

vendor:ibmmodel:mq appliancescope:ltversion:8.0.0.15

Trust: 1.0

vendor:ibmmodel:mq appliancescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008718 // NVD: CVE-2020-4375

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-4375
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008718
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-1536
value: HIGH

Trust: 0.6

NVD: CVE-2020-4375
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008718
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD: CVE-2020-4375
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008718
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-008718 // CNNVD: CNNVD-202007-1536 // NVD: CVE-2020-4375

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.0

problemtype:CWE-772

Trust: 0.8

sources: JVNDB: JVNDB-2020-008718 // NVD: CVE-2020-4375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1536

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-1536

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2020-4375

PATCH
title:6252785url:https://www.ibm.com/support/pages/node/6252785
Trust: 0.8
title:ibm-mq-cve20204375-dos (179080)url:https://exchange.xforce.ibmcloud.com/vulnerabilities/179080
Trust: 0.8
title:IBM MQ Appliance Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=125187
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008718 // 
            
            
            
            CNNVD: CNNVD-202007-1536

EXTERNAL IDS
db:NVDid:CVE-2020-4375
Trust: 2.4
db:JVNDBid:JVNDB-2020-008718
Trust: 0.8
db:NSFOCUSid:47991
Trust: 0.6
db:CNNVDid:CNNVD-202007-1536
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008718 // 
            
            
            
            CNNVD: CNNVD-202007-1536 // 
            
            
            
            NVD: CVE-2020-4375

REFERENCES
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/179080
Trust: 1.6
url:https://www.ibm.com/support/pages/node/6252785
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-4375
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4375
Trust: 0.8
url:https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-integration-servers-could-cause-a-denial-of-service-or-a-buffer-overflow-when-using-mq/
Trust: 0.6
url:https://vigilance.fr/vulnerability/ibm-mq-appliance-memory-leak-via-dynamic-queue-error-32946
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-denial-of-service-vulnerability-cve-2020-4375/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4375/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-attacker-to-cause-a-denial-of-service-due-to-a-memory-leak-caused-by-an-error-creating-a-dynamic-queue-cve-2020-4375/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47991
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008718 // 
            
            
            
            CNNVD: CNNVD-202007-1536 // 
            
            
            
            NVD: CVE-2020-4375

SOURCES
db:JVNDBid:JVNDB-2020-008718
db:CNNVDid:CNNVD-202007-1536
db:NVDid:CVE-2020-4375

LAST UPDATE DATE
2022-05-04T10:15:06.179000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-008718date:2020-09-18T00:00:00
db:CNNVDid:CNNVD-202007-1536date:2020-12-11T00:00:00
db:NVDid:CVE-2020-4375date:2021-07-21T11:39:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-008718date:2020-09-18T00:00:00
db:CNNVDid:CNNVD-202007-1536date:2020-07-27T00:00:00
db:NVDid:CVE-2020-4375date:2020-07-28T12:15:00