CVE-2020-4766

7.5 HIGH

📋 TL;DR

This vulnerability in IBM MQ Internet Pass-Thru allows remote attackers to cause a denial of service by sending specially crafted MQ data requests that consume all available system resources. It affects IBM MQ Internet Pass-Thru versions 2.1 and 9.2. Organizations using these versions with internet-facing MQ services are particularly at risk.

💻 Affected Systems

Products:
  • IBM MQ Internet Pass-Thru
Versions: 2.1 and 9.2
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of affected versions are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service outage of IBM MQ Internet Pass-Thru, potentially affecting dependent applications and business processes that rely on MQ messaging.

🟠 Likely Case

Degraded performance or temporary unavailability of MQ services requiring service restart and cleanup of consumed resources.

🟢 If Mitigated

Minimal impact with proper network segmentation, rate limiting, and monitoring in place to detect and block malicious traffic patterns.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires sending malformed MQ data requests but does not require authentication, making exploitation straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes from IBM APAR IT35138

Vendor Advisory: https://www.ibm.com/support/pages/node/6406254

Restart Required: Yes

Instructions:

1. Review IBM advisory IT35138.
2. Download and apply the appropriate fix for your version.
3. Restart IBM MQ Internet Pass-Thru services.
4. Verify the fix is applied correctly.

🔧 Temporary Workarounds

Network Segmentation
Applies to: all

Restrict network access to IBM MQ Internet Pass-Thru to only trusted sources using firewalls or network ACLs.

Rate Limiting
Applies to: all

Implement rate limiting on MQ data requests to prevent resource exhaustion attacks.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure to trusted IP addresses only.
  • Deploy monitoring and alerting for unusual resource consumption patterns on MQ servers.

🔍 How to Verify

Check if Vulnerable:

Check IBM MQ Internet Pass-Thru version using 'dspmqver' command and verify if running version 2.1 or 9.2.

Check Version:

dspmqver

Verify Fix Applied:

Verify APAR IT35138 is applied by checking fix status in IBM MQ administration console or via 'dspmqver' showing patched version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual increase in MQ data request errors
  • Resource exhaustion warnings in system logs
  • High CPU/memory usage alerts

Network Indicators:

  • Unusual volume of MQ data requests from single sources
  • Malformed MQ protocol traffic patterns

SIEM Query:

source="mq_logs" AND (error_count > threshold OR resource_usage > 90%)
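The indicators above (request volume from a single source, a spike in request errors, and resource usage above 90%) can be checked with a small sliding-window detector. The script below is an added example written for this page, not IBM's code or tooling; the key=value log layout and the sample lines are constructed for illustration, since the real IBM MQ Internet Pass-Thru log format is not shown here, so parse_line() is the part to adapt to your own logs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log lines in a hypothetical key=value format (not the
# product's real log layout). One source sends a burst of mostly-failing
# requests, another behaves normally, and one line reports host resource use.
SAMPLE_LOGS = [
    "2021-01-05T10:00:00Z type=request src=198.51.100.7 status=OK",
    "2021-01-05T10:00:01Z type=request src=203.0.113.5 status=ERROR",
    "2021-01-05T10:00:02Z type=request src=203.0.113.5 status=ERROR",
    "2021-01-05T10:00:03Z type=request src=203.0.113.5 status=OK",
    "2021-01-05T10:00:04Z type=request src=203.0.113.5 status=ERROR",
    "2021-01-05T10:00:05Z type=request src=203.0.113.5 status=ERROR",
    "2021-01-05T10:00:06Z type=request src=203.0.113.5 status=ERROR",
    "2021-01-05T10:00:07Z type=resource cpu=96 mem=91",
    "2021-01-05T10:00:30Z type=request src=198.51.100.7 status=OK",
]


def parse_line(line):
    """Split 'TIMESTAMP k=v k=v ...' into a dict with a UTC datetime in 'ts'."""
    ts_str, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc
    )
    return fields


def detect(lines, window_seconds=60, max_requests=5, max_errors=3, resource_pct=90):
    """Return (kind, key, detail) alerts for the three indicator classes.

    Thresholds are illustrative; tune them to the baseline of your deployment.
    Each (kind, key) pair is reported once so a sustained burst does not flood
    the alert channel.
    """
    window = timedelta(seconds=window_seconds)
    requests = defaultdict(deque)  # src -> timestamps of requests in window
    errors = defaultdict(deque)    # src -> timestamps of failed requests
    alerts, seen = [], set()

    def alert(kind, key, detail):
        if (kind, key) not in seen:
            seen.add((kind, key))
            alerts.append((kind, key, detail))

    for raw in lines:
        rec = parse_line(raw)
        now = rec["ts"]
        if rec.get("type") == "request":
            src = rec["src"]
            # Drop events that have fallen out of the sliding window.
            for q in (requests[src], errors[src]):
                while q and now - q[0] > window:
                    q.popleft()
            requests[src].append(now)
            if rec.get("status") == "ERROR":
                errors[src].append(now)
            if len(errors[src]) > max_errors:
                alert("error_rate", src,
                      f"{len(errors[src])} failed requests in {window_seconds}s")
            if len(requests[src]) > max_requests:
                alert("request_rate", src,
                      f"{len(requests[src])} requests in {window_seconds}s")
        elif rec.get("type") == "resource":
            # Host-level exhaustion check, mirroring the resource_usage > 90% clause.
            for metric in ("cpu", "mem"):
                val = float(rec.get(metric, 0))
                if val > resource_pct:
                    alert("resource", metric, f"{metric}={val:g}% exceeds {resource_pct}%")
    return alerts


if __name__ == "__main__":
    for kind, key, detail in detect(SAMPLE_LOGS):
        print(f"[{kind}] {key}: {detail}")
```

Run against the sample, the burst from 203.0.113.5 raises an error-rate alert on its fourth failure and a request-rate alert on its sixth request, while 198.51.100.7 stays quiet; the resource line raises one alert each for CPU and memory. In production, feed the function a tail of the real log and forward the alerts to the SIEM rule above rather than relying on either check alone.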
