| Vulnerability Name: | CVE-2020-4931 (CCN-191747) |
| Assigned: | 2019-12-30 |
| Published: | 2021-02-23 |
| Updated: | 2021-03-01 |
| Summary: | IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.
|
| CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): High |
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): High |
|
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance | | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial |
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete |
|
| Vulnerability Type: | CWE-noinfo
|
| Vulnerability Consequences: | Denial of Service |
| References: | Source: MITRE
Type: CNA
CVE-2020-4931
Source: XF
Type: UNKNOWN
ibm-mq-cve20204931-dos(191747)
Source: XF
Type: VDB Entry, Vendor Advisory
ibm-mq-cve20204931-dos (191747)
Source: CCN
Type: IBM Security Bulletin 6403295 (MQ Appliance)
IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2020-4931)
Source: CONFIRM
Type: Patch, Vendor Advisory
https://www.ibm.com/support/pages/node/6403295
Source: CCN
Type: IBM Security Bulletin 6427591 (MQ)
IBM MQ AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. (CVE-2020-4931)
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:ibm:mq:9.1.0:*:*:*:continuous_delivery:*:*:*OR cpe:/a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*OR cpe:/a:ibm:mq:9.2.0.0:*:*:*:lts:*:*:*
Configuration CCN 1:
cpe:/a:ibm:mq_appliance:9.1.0.0:*:*:*:continuous_delivery:*:*:*OR cpe:/a:ibm:mq_appliance:9.1.0.1:*:*:*:*:*:*:*OR cpe:/a:ibm:mq_appliance:9.1.1:*:*:*:*:*:*:*OR cpe:/a:ibm:mq_appliance:9.1.0.2:*:*:*:continuous_delivery:*:*:*OR cpe:/a:ibm:mq_appliance:9.1.2:*:*:*:continuous_delivery:*:*:*OR cpe:/a:ibm:mq_appliance:9.1.0.3:*:*:*:continuous_delivery:*:*:*OR cpe:/a:ibm:mq_appliance:9.1.3:*:*:*:continuous_delivery:*:*:*OR cpe:/a:ibm:mq_appliance:9.1.0.4:*:*:*:*:*:*:*OR cpe:/a:ibm:mq_appliance:9.1.4:*:*:*:continuous_delivery:*:*:*OR cpe:/a:ibm:mq_appliance:9.1.5:*:*:*:continuous_delivery:*:*:*OR cpe:/a:ibm:mq_appliance:9.1.0.6:*:*:*:lts:*:*:*OR cpe:/a:ibm:mq_appliance:9.2.0.0:*:*:*:continuous_delivery:*:*:*AND cpe:/a:ibm:mq:8.0.0:*:*:*:*:*:*:*OR cpe:/a:ibm:mq:9.0.0:*:*:*:*:*:*:*OR cpe:/a:ibm:mq:9.1.0:*:*:*:continuous_delivery:*:*:*OR cpe:/a:ibm:mq:9.2.0:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |