CRITICAL🇬🇧 English

CVE-2020-4682

CVSS 9.8v3.1pub. 2021-01-28upd. 2024-11-21

IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Mq

    APP
    Ibm
    8.0.0.08.0.0.18.0.0.108.0.0.118.0.0.128.0.0.138.0.0.148.0.0.158.0.0.28.0.0.38.0.0.48.0.0.58.0.0.68.0.0.78.0.0.8+ 21 więcej
  • IBM Mq Appliance

    APP
    Ibm
    9.2.0.0
  • IBM Websphere Mq

    APP
    Ibm
    7.5.0.07.5.0.17.5.0.27.5.0.37.5.0.47.5.0.57.5.0.67.5.0.77.5.0.87.5.0.9
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEDeserialization
CWE
Referencje

Powiązane podatności

CVE-2022-22489CRITICAL9.1ten sam produkt

IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE)...

CVE-2025-36128HIGH7.5ten sam produkt

IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforce...

CVE-2025-0975HIGH8.8ten sam produkt

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to i...

CVE-2024-31912HIGH7.5ten sam produkt

IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configu...

CVE-2024-25015HIGH7.5ten sam produkt

IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service ...