CVE-2020-4682

IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.

Published: Jan 28, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-4682
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-502

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
ibm / websphere_mq	7.5.0.1	7.5.0.1.x
ibm / websphere_mq	7.5.0.2	7.5.0.2.x
ibm / websphere_mq	7.5.0.3	7.5.0.3.x
ibm / websphere_mq	7.5.0.5	7.5.0.5.x
ibm / websphere_mq	7.5.0.6	7.5.0.6.x
ibm / websphere_mq	7.5.0.4	7.5.0.4.x
ibm / websphere_mq	7.5.0.7	7.5.0.7.x
ibm / websphere_mq	7.5.0.8	7.5.0.8.x
ibm / mq	9.1.0.0	9.1.0.0.x
ibm / mq_appliance	9.2.0.0	9.2.0.0.x
ibm / websphere_mq	7.5.0.9	7.5.0.9.x
ibm / websphere_mq	7.5.0.0	7.5.0.0.x
ibm / mq	9.1.0.6	9.1.0.6.x
ibm / mq	9.1.0.5	9.1.0.5.x
ibm / mq	9.1.0.4	9.1.0.4.x
ibm / mq	9.1.0.3	9.1.0.3.x
ibm / mq	9.1.0.2	9.1.0.2.x
ibm / mq	9.1.0.1	9.1.0.1.x
ibm / mq	9.0.0.10	9.0.0.10.x
ibm / mq	9.0.0.9	9.0.0.9.x
ibm / mq	9.0.0.8	9.0.0.8.x
ibm / mq	9.0.0.7	9.0.0.7.x
ibm / mq	9.0.0.6	9.0.0.6.x
ibm / mq	9.0.0.5	9.0.0.5.x
ibm / mq	9.0.0.4	9.0.0.4.x
ibm / mq	9.0.0.3	9.0.0.3.x
ibm / mq	9.0.0.2	9.0.0.2.x
ibm / mq	9.0.0.1	9.0.0.1.x
ibm / mq	9.0.0.0	9.0.0.0.x
ibm / mq	8.0.0.0	8.0.0.0.x
ibm / mq	8.0.0.1	8.0.0.1.x
ibm / mq	8.0.0.2	8.0.0.2.x
ibm / mq	8.0.0.3	8.0.0.3.x
ibm / mq	8.0.0.4	8.0.0.4.x
ibm / mq	8.0.0.5	8.0.0.5.x
ibm / mq	8.0.0.6	8.0.0.6.x
ibm / mq	8.0.0.7	8.0.0.7.x
ibm / mq	8.0.0.8	8.0.0.8.x
ibm / mq	8.0.0.9	8.0.0.9.x
ibm / mq	8.0.0.10	8.0.0.10.x
ibm / mq	8.0.0.11	8.0.0.11.x
ibm / mq	8.0.0.12	8.0.0.12.x
ibm / mq	8.0.0.13	8.0.0.13.x
ibm / mq	8.0.0.14	8.0.0.14.x
ibm / mq	8.0.0.15	8.0.0.15.x
ibm / mq	9.2.1.0	9.2.1.0.x
ibm / mq	9.2.0.0	9.2.0.0.x

Vulnerability Database

289,871

CVE-2020-4682