Arbitrary Code Execution in IBM Spectrum Protect Operations Center
CVE-2020-4693

9.1CRITICAL

Key Information:

Vendor: IBM
Status: Spectrum Protect Operations Center
Vendor: CVE Published:; 2 September 2020

What is CVE-2020-4693?

IBM Spectrum Protect Operations Center versions ranging from 7.1.0.000 to 7.1.10 and from 8.1.0.000 to 8.1.9 are susceptible to arbitrary code execution due to a flaw in data validation prior to export. This issue could allow an attacker to manipulate the system to execute malicious code, resulting in potential unauthorized actions or system compromise. For further details, please refer to the official IBM support page and the IBM X-Force vulnerability database.

Affected Version(s)

Spectrum Protect Operations Center 7.1.0.000

Spectrum Protect Operations Center 8.1.0.000

Spectrum Protect Operations Center 7.1.10

References

https://www.ibm.com/support/pages/node/6325341

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/186782

vdb-entryx_refsource_XF

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2020
Vulnerability Reserved
Dec 30, 2019