Arbitrary File Upload Vulnerability in IBM Spectrum Protect Plus Administrative Console
CVE-2020-4703

8 HIGH

Key Information:

Vendor: IBM
CVE Published: 15 September 2020

Summary

A flaw in the IBM Spectrum Protect Plus Administrative Console, versions 10.1.0 through 10.1.6, could allow an authenticated attacker to upload arbitrary files. This could lead to the execution of arbitrary code on the vulnerable server, potentially compromising the integrity and availability of the system. The vulnerability stems from an incomplete fix for a previous issue (CVE-2020-4470) and highlights the importance of robust security measures.

Affected Version(s)

Spectrum Protect Plus 10.1.0

Spectrum Protect Plus 10.1.6

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
