Vulnerability Description
IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | MQ | >= 8.0.0.0, < 8.0.0.15 |
| HP | HP-UX | - |
| IBM | AIX | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
| Oracle | Solaris | - |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/177403 (VDB Entry, Vendor Advisory)
- https://www.ibm.com/support/pages/node/5736885 (Vendor Advisory)
FAQ
What is CVE-2020-4320?
CVE-2020-4320 is a vulnerability with a CVSS score of 6.5 (MEDIUM). IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.
How severe is CVE-2020-4320?
CVE-2020-4320 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-4320?
Check the references section above for vendor advisories and patch information. Affected products include: IBM MQ, HP HP-UX, IBM AIX, Linux Linux Kernel, Microsoft Windows.