CVE-2020-4319

MEDIUM

IBM MQ Appliance < 8.0.0.15 - Error Information Exposure

Title source: rule
STIX 2.1

Description

IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6252777
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/177402

Scores

CVSS v3 4.3
EPSS 0.0075
EPSS Percentile 50.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-209
Status published
Products (3)
ibm/mq_appliance 8.0 - 8.0.0.15
ibm/mq_appliance 9.1.0.0 - 9.1.0.6
ibm/mq_appliance 9.1.0.0 - 9.2.0.0
Published Jul 28, 2020
Tracked Since Feb 18, 2026