Arbitrary File Upload Vulnerability in IBM Spectrum Protect Plus Administrative Console
CVE-2020-4703
8 HIGH
Summary
An authenticated attacker could exploit a flaw in the IBM Spectrum Protect Plus Administrative Console, versions 10.1.0 through 10.1.6, to upload arbitrary files. This could lead to the execution of arbitrary code on the vulnerable server, potentially compromising the integrity and availability of the system. The vulnerability stems from an incomplete fix for a previous issue (CVE-2020-4470) and highlights the importance of robust security measures.
Affected Version(s)
Spectrum Protect Plus 10.1.0
Spectrum Protect Plus 10.1.6
CVSS V3.1
Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved