Description
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188.
CVSS breakdown
CVSS 3.0
Privileges Required
Low
Confidentiality
High
User Interaction
Required
Integrity
High
Attack Vector
Network
Scope
Unchanged
Attack Complexity
Low
Availability
High
RL
O
RC
Changed
E
Unchanged
Affected products
- ibm / Spectrum Protect Plus10.1.0 – 10.1.0
- ibm / Spectrum Protect Plus10.1.6 – 10.1.6