ID
VAR-202101-1665
CVE
CVE-2020-4682
TITLE
IBM MQ Code problem vulnerability
Trust: 0.6
sources:
CNNVD: CNNVD-202101-2461
DESCRIPTION
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509
Trust: 0.99
sources:
NVD: CVE-2020-4682 //
VULMON: CVE-2020-4682
AFFECTED PRODUCTS
| vendor: | ibm | model: | mq | scope: | eq | version: | 8.0.0.3 | Trust: 1.0 |
| vendor: | ibm | model: | websphere mq | scope: | eq | version: | 7.5.0.3 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.0.0.7 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 8.0.0.9 | Trust: 1.0 |
| vendor: | ibm | model: | websphere mq | scope: | eq | version: | 7.5.0.1 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 8.0.0.8 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 8.0.0.1 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.0.0.2 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.1.0.6 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.1.0.1 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 8.0.0.12 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.0.0.0 | Trust: 1.0 |
| vendor: | ibm | model: | websphere mq | scope: | eq | version: | 7.5.0.6 | Trust: 1.0 |
| vendor: | ibm | model: | websphere mq | scope: | eq | version: | 7.5.0.7 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.0.0.8 | Trust: 1.0 |
| vendor: | ibm | model: | websphere mq | scope: | eq | version: | 7.5.0.0 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 8.0.0.10 | Trust: 1.0 |
| vendor: | ibm | model: | websphere mq | scope: | eq | version: | 7.5.0.8 | Trust: 1.0 |
| vendor: | ibm | model: | websphere mq | scope: | eq | version: | 7.5.0.4 | Trust: 1.0 |
| vendor: | ibm | model: | websphere mq | scope: | eq | version: | 7.5.0.2 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.0.0.6 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 8.0.0.13 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.0.0.9 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.1.0.2 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.0.0.4 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 8.0.0.15 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.1.0.5 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 8.0.0.4 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.1.0.4 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 8.0.0.2 | Trust: 1.0 |
| vendor: | ibm | model: | websphere mq | scope: | eq | version: | 7.5.0.9 | Trust: 1.0 |
| vendor: | ibm | model: | websphere mq | scope: | eq | version: | 7.5.0.5 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.0.0.1 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.1.0.0 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.1.0.3 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 8.0.0.7 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.0.0.3 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 8.0.0.5 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.0.0.10 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 8.0.0.0 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 8.0.0.6 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 8.0.0.14 | Trust: 1.0 |
| vendor: | ibm | model: | mq appliance | scope: | eq | version: | 9.2.0.0 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.0.0.5 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 8.0.0.11 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.2.0.0 | Trust: 1.0 |
| vendor: | ibm | model: | mq | scope: | eq | version: | 9.2.1.0 | Trust: 1.0 |
sources:
NVD: CVE-2020-4682
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULMON: CVE-2020-4682 //
CNNVD: CNNVD-202101-2461 //
NVD: CVE-2020-4682
PROBLEMTYPE DATA
| problemtype: | CWE-502 | Trust: 1.0 |
sources:
NVD: CVE-2020-4682
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202101-2461
TYPE
code problem
Trust: 0.6
sources:
CNNVD: CNNVD-202101-2461
CONFIGURATIONS
sources:
NVD: CVE-2020-4682
PATCH
| title: | IBM MQ Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=140067 | Trust: 0.6 |
sources:
CNNVD: CNNVD-202101-2461
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-4682 | Trust: 1.7 |
| db: | CNNVD | id: | CNNVD-202101-2461 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2020-4682 | Trust: 0.1 |
sources:
VULMON: CVE-2020-4682 //
CNNVD: CNNVD-202101-2461 //
NVD: CVE-2020-4682
REFERENCES
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/186509 | Trust: 1.8 |
| url: | https://www.ibm.com/support/pages/node/6408626 | Trust: 1.7 |
| url: | https://www.ibm.com/support/pages/node/6496783 | Trust: 0.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-4682 | Trust: 0.6 |
| url: | https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-may-be-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4682/ | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/ibm-mq-code-execution-via-deserialization-34421 | Trust: 0.6 |
| url: | https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4682/ | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/502.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
VULMON: CVE-2020-4682 //
CNNVD: CNNVD-202101-2461 //
NVD: CVE-2020-4682
SOURCES
| db: | VULMON | id: | CVE-2020-4682 |
| db: | CNNVD | id: | CNNVD-202101-2461 |
| db: | NVD | id: | CVE-2020-4682 |
LAST UPDATE DATE
2022-05-04T08:52:19.080000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2020-4682 | date: | 2021-02-02T00:00:00 |
| db: | CNNVD | id: | CNNVD-202101-2461 | date: | 2021-10-08T00:00:00 |
| db: | NVD | id: | CVE-2020-4682 | date: | 2021-02-02T17:35:00 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2020-4682 | date: | 2021-01-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-202101-2461 | date: | 2021-01-27T00:00:00 |
| db: | NVD | id: | CVE-2020-4682 | date: | 2021-01-28T13:15:00 |