{"containers": {"cna": {"affected": [{"product": "MQ", "vendor": "IBM", "versions": [{"status": "affected", "version": "8.0.0"}, {"status": "affected", "version": "9.0.0"}, {"status": "affected", "version": "9.1.0"}, {"status": "affected", "version": "7.5.0"}, {"status": "affected", "version": "9.2.0"}]}], "datePublic": "2021-01-27T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.1, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/I:H/S:U/C:H/UI:N/A:H/AV:N/PR:N/RL:O/RC:C/E:U", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-28T12:55:15.000Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6408626"}, {"name": "ibm-mq-cve20204682-code-exec (186509)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-27T00:00:00", "ID": "CVE-2020-4682", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MQ", "version": {"version_data": [{"version_value": "8.0.0"}, {"version_value": "9.0.0"}, {"version_value": "9.1.0"}, {"version_value": "7.5.0"}, {"version_value": "9.2.0"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509."}]}, "impact": {"cvssv3": {"BM": {"A": "H", "AC": "H", "AV": "N", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Access"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6408626", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6408626 (MQ)", "url": "https://www.ibm.com/support/pages/node/6408626"}, {"name": "ibm-mq-cve20204682-code-exec (186509)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:14:57.859Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6408626"}, {"name": "ibm-mq-cve20204682-code-exec (186509)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4682", "datePublished": "2021-01-28T12:55:15.366Z", "dateReserved": "2019-12-30T00:00:00.000Z", "dateUpdated": "2024-09-16T19:04:36.558Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:mq:8.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC5F66BE-1A17-4A4E-AC8C-EA1CAF7AC09C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF9603C1-D840-4904-AE6F-A22DD1EE62A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "89484A74-154F-4B7F-97C7-A8014CE90B1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:8.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2B7D03F7-37F6-4D27-A24C-2C6D5118D8AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:8.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "01735BC7-4CF2-4A52-9A4A-3DE470161C46", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:8.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "743149EB-7330-470B-B2FF-E1881E52FCC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:8.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B683ED2B-D16D-45B6-AA2E-85C53BD365FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:8.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1D8A3EDB-A8B2-4D4B-8BFF-4FCAA71C6E0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:8.0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "C955E798-BFC9-40ED-9C87-7419258D5B7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:8.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "CFC27C59-29E3-4003-A0B2-8E8523607BF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:8.0.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "27181014-820E-4F83-9A4C-3BFE20C3F51C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:8.0.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D50267F1-CDF0-44C0-AD00-2B31056ADA81", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:8.0.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "ABC33CD9-114F-44FE-803B-481CE0FA1152", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:8.0.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "03A4D2DF-CD27-495D-97BD-8368544BA79A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:8.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "D051AEA9-B175-4596-82E1-5C1947E90B78", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:8.0.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "B79D5A00-E1B4-4C84-A785-DE95AA269D41", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.0.0.0:*:*:*:lts:*:*:*", "matchCriteriaId": "3B33CE6E-04D7-4AB7-8636-8D13BCBE71DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.0.0.1:*:*:*:lts:*:*:*", "matchCriteriaId": "34EE34F4-C261-490A-99D3-39931015AF7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.0.0.2:*:*:*:lts:*:*:*", "matchCriteriaId": "2F6183AA-BD76-4296-B5F4-4BF5C208D6BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.0.0.3:*:*:*:lts:*:*:*", "matchCriteriaId": "64E400B5-794D-464B-86AB-18DFF51B513B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.0.0.4:*:*:*:lts:*:*:*", "matchCriteriaId": "AF0640FB-9FC1-42DC-AE8E-F5D08F91499C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.0.0.5:*:*:*:lts:*:*:*", "matchCriteriaId": "3A17226C-45FE-4813-986E-E56FAE069ED6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.0.0.6:*:*:*:lts:*:*:*", "matchCriteriaId": "86076A60-CF54-4415-BBB8-43FCE6DAA730", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.0.0.7:*:*:*:lts:*:*:*", "matchCriteriaId": "377AD541-582A-42BA-95E4-6D5C83853935", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.0.0.8:*:*:*:lts:*:*:*", "matchCriteriaId": "E740B9BE-F7FE-4C5B-AAA2-374317DB311F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.0.0.9:*:*:*:lts:*:*:*", "matchCriteriaId": "9E11D5A7-36E7-486F-ADF0-249077131F25", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.0.0.10:*:*:*:lts:*:*:*", "matchCriteriaId": "7A734DD2-B1AB-4878-8FC3-B2DE1E0594A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*", "matchCriteriaId": "2E9E3A1B-D35D-4029-835C-C27917C2ABD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.1.0.1:*:*:*:lts:*:*:*", "matchCriteriaId": "5B896932-B8E9-4DC9-AFEF-FA78A582C6A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.1.0.2:*:*:*:lts:*:*:*", "matchCriteriaId": "68CA3D42-2435-40A7-A3C0-C3D96AF0FFE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.1.0.3:*:*:*:lts:*:*:*", "matchCriteriaId": "7050C0EB-7265-4E8C-A409-F12D290C7814", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.1.0.4:*:*:*:lts:*:*:*", "matchCriteriaId": "A659039B-261A-4EC9-A98C-5F8AED25DC8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.1.0.5:*:*:*:lts:*:*:*", "matchCriteriaId": "968BD11F-D548-4288-BA30-1ED1633E6E9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.1.0.6:*:*:*:lts:*:*:*", "matchCriteriaId": "272C2020-A724-4F41-8AD4-E0F821711653", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.2.0.0:*:*:*:continuous_delivery:*:*:*", "matchCriteriaId": "A5A3F5F2-7759-47F3-948B-59A2DF6DD0B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq:9.2.1.0:*:*:*:continuous_delivery:*:*:*", "matchCriteriaId": "D278C55A-7E38-469F-9D65-35EB02C271F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq_appliance:9.2.0.0:*:*:*:lts:*:*:*", "matchCriteriaId": "0D974075-234B-443A-A6BE-3E2547379894", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB55C2B8-5202-4902-B5F3-8254424062F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0343E94F-6DE2-4E27-AFC5-D4650A4519F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BDA4EE08-D531-4957-BF2A-C5A9ABB0F38D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "751BF695-E27A-4D9F-9190-84A7BCD5E268", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "CDA1EF24-9710-4C4A-8059-917C02185CA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CC257545-44A3-4659-951D-F4DFF3B87CFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1FD4E86C-0E58-4A91-A18C-534464BC197A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "AE4B1F7A-8989-4B4E-A75E-037B38ED7536", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D98FEC2B-14F4-48EF-A7D2-DA4451EBD402", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_mq:7.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "D70EC47A-CDF1-45AC-8393-EE6A604AE538", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509."}, {"lang": "es", "value": "IBM MQ versiones 7.5, 8.0, 9.0, 9.1, 9.2 LTS y 9.2 CD, podr\u00edan permitir a un atacante remoto ejecutar c\u00f3digo arbitrario en el sistema, causado por una deserializaci\u00f3n no segura de datos confiables. Un atacante podr\u00eda explotar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el sistema. IBM X-Force ID: 186509"}], "id": "CVE-2020-4682", "lastModified": "2024-11-21T05:33:07.133", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-28T13:15:12.000", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6408626"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186509"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6408626"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}