CVE-2020-4682
CRITICAL
IBM MQ - Insecure Deserialization
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
Scores
CVSS v3: 9.8
EPSS: 0.0299
EPSS Percentile: 86.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE: CWE-502
Status: published
Affected Products (47)
ibm/mq (15 entries)
... and 32 more
Timeline
Published: Jan 28, 2021
Tracked Since: Feb 18, 2026