Sign-up

ID

VAR-202007-1093


CVE

CVE-2020-4319


TITLE

plural IBM Product Information Leakage Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-008717

DESCRIPTION

IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402. Vendor exploits this vulnerability IBM X-Force ID: 177402 It is published as.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2020-4319 // JVNDB: JVNDB-2020-008717

AFFECTED PRODUCTS

vendor:ibmmodel:mq appliancescope:gteversion:8.0

Trust: 1.0

vendor:ibmmodel:mq appliancescope:gteversion:9.1.0.0

Trust: 1.0

vendor:ibmmodel:mq appliancescope:ltversion:9.1.0.6

Trust: 1.0

vendor:ibmmodel:mq appliancescope:ltversion:9.2.0.0

Trust: 1.0

vendor:ibmmodel:mq appliancescope:ltversion:8.0.0.15

Trust: 1.0

vendor:ibmmodel:mq appliancescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008717 // NVD: CVE-2020-4319

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-4319
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008717
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202007-1545
value: MEDIUM

Trust: 0.6

NVD: CVE-2020-4319
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008717
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD: CVE-2020-4319
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008717
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-008717 // CNNVD: CNNVD-202007-1545 // NVD: CVE-2020-4319

PROBLEMTYPE DATA

problemtype:CWE-209

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2020-008717 // NVD: CVE-2020-4319

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1545

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202007-1545

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2020-4319

PATCH
title:6252777url:https://www.ibm.com/support/pages/node/6252777
Trust: 0.8
title:ibm-mq-cve20204319-info-disc (177402)url:https://exchange.xforce.ibmcloud.com/vulnerabilities/177402
Trust: 0.8
title:IBM MQ Appliance Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=125189
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008717 // 
            
            
            
            CNNVD: CNNVD-202007-1545

EXTERNAL IDS
db:NVDid:CVE-2020-4319
Trust: 2.4
db:JVNDBid:JVNDB-2020-008717
Trust: 0.8
db:NSFOCUSid:49873
Trust: 0.6
db:CNNVDid:CNNVD-202007-1545
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008717 // 
            
            
            
            CNNVD: CNNVD-202007-1545 // 
            
            
            
            NVD: CVE-2020-4319

REFERENCES
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/177402
Trust: 1.6
url:https://www.ibm.com/support/pages/node/6252777
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-4319
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-4319
Trust: 0.8
url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-sensitive-information-disclosure-vulnerability-cve-2020-4319/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4319/
Trust: 0.6
url:https://vigilance.fr/vulnerability/ibm-mq-appliance-information-disclosure-via-pre-v7-pubsub-logic-error-message-32945
Trust: 0.6
url:http://www.nsfocus.net/vulndb/49873
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-leak-sensitive-information-due-to-an-error-within-the-pre-v7-pubsub-logic-cve-2020-4319/
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008717 // 
            
            
            
            CNNVD: CNNVD-202007-1545 // 
            
            
            
            NVD: CVE-2020-4319

SOURCES
db:JVNDBid:JVNDB-2020-008717
db:CNNVDid:CNNVD-202007-1545
db:NVDid:CVE-2020-4319

LAST UPDATE DATE
2022-05-04T10:10:54.352000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-008717date:2020-09-18T00:00:00
db:CNNVDid:CNNVD-202007-1545date:2020-10-27T00:00:00
db:NVDid:CVE-2020-4319date:2021-07-21T11:39:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-008717date:2020-09-18T00:00:00
db:CNNVDid:CNNVD-202007-1545date:2020-07-27T00:00:00
db:NVDid:CVE-2020-4319date:2020-07-28T12:15:00