Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-4682

Опубликовано: 28 янв. 2021
Источник: nvd
CVSS3: 8.1
CVSS3: 9.8
CVSS2: 10
EPSS Низкий

Описание

IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:mq:8.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:mq:8.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:mq:8.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:mq:8.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:mq:8.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:mq:8.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:mq:8.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:mq:8.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:mq:8.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:mq:8.0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:mq:8.0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:mq:8.0.0.12:*:*:*:*:*:*:*
cpe:2.3:a:ibm:mq:8.0.0.13:*:*:*:*:*:*:*
cpe:2.3:a:ibm:mq:8.0.0.14:*:*:*:*:*:*:*
cpe:2.3:a:ibm:mq:8.0.0.15:*:*:*:*:*:*:*
cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.0.0.1:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.0.0.2:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.0.0.3:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.0.0.4:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.0.0.5:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.0.0.6:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.0.0.7:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.0.0.8:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.0.0.9:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.0.0.10:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.1.0.1:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.1.0.2:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.1.0.3:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.1.0.4:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.1.0.5:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.1.0.6:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.2.0.0:*:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:mq:9.2.1.0:*:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:websphere_mq:7.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:7.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:7.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_mq:7.5.0.9:*:*:*:*:*:*:*

EPSS

Процентиль: 86%
0.02993
Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-502

Связанные уязвимости

github логотип

GHSA-hmh7-p3j6-5g37

github
больше 3 лет назад

IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.

EPSS

Процентиль: 86%
0.02993
Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-502