Code Execution Risk in IBM i2 iBase by Arbitrary File Upload
CVE-2020-4588

7.7HIGH

Key Information:

Vendor
IBM
Status
Vendor
CVE Published:
30 October 2020

Summary

The vulnerability in IBM i2 iBase 8.9.13 allows an attacker to upload arbitrary executable files. If executed by an unsuspecting victim, this could lead to unauthorized code execution within the victim's environment. Attackers exploiting this vulnerability can manipulate the file upload process, potentially compromising sensitive information and system integrity.

Affected Version(s)

i2 iBase 8.9.13

References

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.