CRITICAL🇵🇱 Wersja polska

CVE-2020-4682

CVSS 9.8v3.1pub. 2021-01-28upd. 2024-11-21

IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Mq

    APP
    Ibm
    8.0.0.08.0.0.18.0.0.108.0.0.118.0.0.128.0.0.138.0.0.148.0.0.158.0.0.28.0.0.38.0.0.48.0.0.58.0.0.68.0.0.78.0.0.8+ 21 więcej
  • IBM Mq Appliance

    APP
    Ibm
    9.2.0.0
  • IBM Websphere Mq

    APP
    Ibm
    7.5.0.07.5.0.17.5.0.27.5.0.37.5.0.47.5.0.57.5.0.67.5.0.77.5.0.87.5.0.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2022-22489CRITICAL9.1ten sam produkt

IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE)...

CVE-2025-36128HIGH7.5ten sam produkt

IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforce...

CVE-2025-0975HIGH8.8ten sam produkt

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to i...

CVE-2024-31912HIGH7.5ten sam produkt

IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configu...

CVE-2024-25015HIGH7.5ten sam produkt

IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service ...