CVE-2020-4267 - OpenCVE

IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Mq Mq Appliance

Configuration 1 [-]

OR	cpe:2.3:a:ibm:mq::::::::
	cpe:2.3:a:ibm:mq:::::lts:::*
	cpe:2.3:a:ibm:mq_appliance:::::continuous_delivery:::*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/175840
https://www.ibm.com/support/pages/node/6195384

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2020-04-24T15:50:21.949654Z

Updated: 2024-09-16T23:01:18.469Z

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-4267

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-04-24T16:15:13.307

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-4267

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "MQ Appliance", "vendor": "IBM", "versions": [{"status": "affected", "version": "8.0.0.3"}, {"status": "affected", "version": "8.0.0.4"}, {"status": "affected", "version": "8.0.0.5"}, {"status": "affected", "version": "8.0.0.6"}, {"status": "affected", "version": "8.0.0.0"}, {"status": "affected", "version": "8.0.0.8"}, {"status": "affected", "version": "8.0.0.10"}, {"status": "affected", "version": "8.0.0.11"}, {"status": "affected", "version": "9.1.0.1"}, {"status": "affected", "version": "9.1.1"}, {"status": "affected", "version": "8.0.0.1"}, {"status": "affected", "version": "8.0.0.7"}, {"status": "affected", "version": "8.0.0.9"}, {"status": "affected", "version": "8.0.0.12"}, {"status": "affected", "version": "9.1.0.2"}, {"status": "affected", "version": "9.1.2"}, {"status": "affected", "version": "9.1.0.3"}, {"status": "affected", "version": "9.1.3"}, {"status": "affected", "version": "9.1"}, {"status": "affected", "version": "8.0.0.13"}, {"status": "affected", "version": "9.1.0.4"}, {"status": "affected", "version": "9.1.4"}]}], "datePublic": "2020-04-22T00:00:00", "descriptions": [{"lang": "en", "value": "IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/C:N/UI:N/AC:H/S:U/I:N/PR:L/AV:N/RC:C/RL:O/E:U", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-24T15:50:21", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6195384"}, {"name": "ibm-mq-cve20204267-dos (175840)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-04-22T00:00:00", "ID": "CVE-2020-4267", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MQ Appliance", "version": {"version_data": [{"version_value": "8.0.0.3"}, {"version_value": "8.0.0.4"}, {"version_value": "8.0.0.5"}, {"version_value": "8.0.0.6"}, {"version_value": "8.0.0.0"}, {"version_value": "8.0.0.8"}, {"version_value": "8.0.0.10"}, {"version_value": "8.0.0.11"}, {"version_value": "9.1.0.1"}, {"version_value": "9.1.1"}, {"version_value": "8.0.0.1"}, {"version_value": "8.0.0.7"}, {"version_value": "8.0.0.9"}, {"version_value": "8.0.0.12"}, {"version_value": "9.1.0.2"}, {"version_value": "9.1.2"}, {"version_value": "9.1.0.3"}, {"version_value": "9.1.3"}, {"version_value": "9.1"}, {"version_value": "8.0.0.13"}, {"version_value": "9.1.0.4"}, {"version_value": "9.1.4"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840."}]}, "impact": {"cvssv3": {"BM": {"A": "H", "AC": "H", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6195384", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6195384 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6195384"}, {"name": "ibm-mq-cve20204267-dos (175840)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:00:06.915Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6195384"}, {"name": "ibm-mq-cve20204267-dos (175840)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4267", "datePublished": "2020-04-24T15:50:21.949654Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T23:01:18.469Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "matchCriteriaId": "307594DE-42ED-4BCA-9E0B-E8ECA97DB799", "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "matchCriteriaId": "B0E59D46-75D6-486D-8016-0B1BF8F8EB69", "versionEndExcluding": "9.1.0.4", "versionStartIncluding": "9.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "matchCriteriaId": "D27D8F49-7FAA-4E4B-BCE4-34F4CF0282BA", "versionEndExcluding": "9.1.5", "versionStartIncluding": "9.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840."}, {"lang": "es", "value": "IBM MQ y MQ Appliance versiones 8.0, 9.1 LTS y 9.1 CD, podr\u00edan permitir a un usuario autenticado causar una denegaci\u00f3n de servicio debido a una p\u00e9rdida de la memoria. ID de IBM X-Force: 175840."}], "id": "CVE-2020-4267", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-24T16:15:13.307", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175840"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6195384"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}