CVE-2020-4470

Description

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725.

CVSS breakdown

CVSS 3.0

Availability

High

Integrity

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Privileges Required

Low

Attack Complexity

High

Attack Vector

Network

Unchanged

Changed

Affected products

ibm / Spectrum Protect Plus10.1.0 – 10.1.0
ibm / Spectrum Protect Plus10.1.5 – 10.1.5

References

MISChttps://www.ibm.com/support/pages/node/6221358
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/181725
MISChttps://www.tenable.com/security/research/tra-2020-37