CVE-2020-4320

MEDIUM

IBM MQ 8.0.0.0-8.0.0.14, 9.0.0.0-9.0.0.9, 9.1.0-9.1.4 - Improper Certificate Validation in AMQP Channels

Title source: llm

Description

IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.

References (2)

Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/5736885
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/177403

Scores

CVSS v3 6.5
EPSS 0.0079
EPSS Percentile 51.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-295
Status published
Products (3)
ibm/mq 8.0.0.0 - 8.0.0.15
ibm/mq 9.0.0.0 - 9.0.0.10
ibm/mq 9.1.0 - 9.1.5
Published Jun 16, 2020
Tracked Since Feb 18, 2026