Arbitrary Command Execution in IBM Spectrum and Platform Symphony Products
CVE-2018-1595

8.8HIGH

Key Information:

Vendor

IBM
Status
Spectrum Symphony
Vendor
CVE Published:
1 August 2018

What is CVE-2018-1595?

IBM Spectrum Symphony and Platform Symphony versions 7.1.2 and 7.2.0.2 are susceptible to an arbitrary command execution vulnerability that arises from improper handling of user-supplied input. This flaw can be exploited by authenticated users to execute arbitrary commands, potentially leading to significant security risks. For further details, please refer to the IBM support documentation and the IBM X-Force ID: 143622.

Affected Version(s)

Spectrum Symphony 7.2.0.2

Spectrum Symphony 7.1.2

References

http://www.securityfocus.com/bid/104956
vdb-entryx_refsource_BID
https://www.ibm.com/support/docview.wss?uid=isg3T1027819
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/143622
vdb-entryx_refsource_XF

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.